English

An attack on MySQL's login protocol

Cryptography and Security 2010-06-15 v1

Abstract

The MySQL challenge-and-response authentication protocol is proved insecure. We show how can an eavesdropper impersonate a valid user after witnessing only a few executions of this protocol. The algorithm of the underlying attack is presented. Finally we comment about implementations and statistical results.

Keywords

Cite

@article{arxiv.1006.2411,
  title  = {An attack on MySQL's login protocol},
  author = {Ivan Arce and Emiliano Kargieman and Gerardo Richarte and Carlos Sarraute and Ariel Waissbein},
  journal= {arXiv preprint arXiv:1006.2411},
  year   = {2010}
}

Comments

15 pages, 3 figures. CoreLabs Technical Report

R2 v1 2026-06-21T15:35:17.854Z