Bảo mật bàn làm việc MySQL

Lỗ hổng tồn tại do lỗi sử dụng sau khi miễn phí khi xử lý các thuộc tính ID và IDREF hợp lệ. c. Kẻ tấn công từ xa có thể chuyển đầu vào XML được chế tạo đặc biệt cho ứng dụng, kích hoạt lỗi sử dụng sau khi miễn phí và làm hỏng ứng dụng hoặc thực thi mã tùy ý trên hệ thống

Trong quần thể các đối thủ nặng ký nguồn mở, ít công nghệ nào phổ biến như RDBMS của MySQL. Tích hợp với các gói phần mềm phổ biến như WordPress và ngăn xếp máy chủ như LAMP, MySQL đóng vai trò là nền tảng dữ liệu nền tảng cho phần lớn các trang web và dịch vụ đám mây trên internet ngày nay. Thật không may, sự phổ biến của nó chuyển thành các vectơ tấn công và khai thác bảo mật thường được biết đến hơn —sau đây là 11 cách để tăng cường bảo mật MySQL và bảo vệ dữ liệu của bạn hiệu quả hơn

11 cách để cải thiện bảo mật MySQL

1. Bỏ cơ sở dữ liệu thử nghiệm

Cơ sở dữ liệu thử nghiệm được cài đặt bởi gói Máy chủ MySQL như một phần của quy trình mysql_install_db có thể được tất cả người dùng truy cập đầy đủ theo mặc định, khiến nó trở thành mục tiêu chung của những kẻ tấn công. Do đó, nó nên được gỡ bỏ trong quá trình làm cứng sau cài đặt

2. Xóa tất cả tài khoản ẩn danh

MySQL theo mặc định tạo một số người dùng ẩn danh về cơ bản không phục vụ mục đích nào sau khi cài đặt. Do đó, các tài khoản này nên bị xóa vì sự hiện diện của chúng trên hệ thống cung cấp cho kẻ tấn công một điểm vào cơ sở dữ liệu

3. Thay đổi ánh xạ cổng mặc định

MySQL theo mặc định chạy trên cổng 3306. Điều này nên được thay đổi sau khi cài đặt để làm xáo trộn những dịch vụ quan trọng nào đang chạy trên cổng nào, vì những kẻ tấn công ban đầu sẽ cố gắng khai thác các giá trị mặc định

4. Thay đổi Máy chủ lưu trữ nào có quyền truy cập vào MySQL

Nếu được thiết lập như một máy chủ độc lập, (i. e. , nếu ứng dụng và máy chủ web truy vấn cơ sở dữ liệu từ một máy chủ khác), phiên bản MySQL phải được định cấu hình để chỉ cho phép truy cập vào các máy chủ được phép. Điều này có thể được thực hiện bằng cách thực hiện các thay đổi thích hợp trong máy chủ. từ chối và lưu trữ. cho phép tập tin

5. Không chạy MySQL với đặc quyền cấp gốc

MySQL phải được chạy dưới một tài khoản người dùng cụ thể, mới được tạo với các quyền cần thiết để chạy dịch vụ, thay vì trực tiếp với tư cách là người dùng root. Điều này bổ sung một số lợi ích kiểm tra và ghi nhật ký đồng thời ngăn chặn kẻ tấn công giành quyền truy cập bằng cách chiếm quyền điều khiển tài khoản người dùng gốc

6. Xóa và vô hiệu hóa tệp lịch sử MySQL

Giống như cơ sở dữ liệu Kiểm tra, tệp lịch sử MySQL nằm ở ~/. mysql_history được tạo theo mặc định trong quá trình cài đặt. Tệp này sẽ bị xóa vì nó chứa các chi tiết lịch sử liên quan đến các bước cài đặt và cấu hình đã thực hiện. Điều này có khả năng dẫn đến việc vô tình để lộ mật khẩu cho người dùng cơ sở dữ liệu quan trọng. Ngoài ra, một liên kết mềm cho. tệp mysql_history vào thiết bị null nên được tạo để dừng ghi nhật ký vào tệp

7. Vô hiệu hóa đăng nhập từ xa

Nếu cơ sở dữ liệu MySQL chỉ được sử dụng bởi các ứng dụng cục bộ, quyền truy cập từ xa vào máy chủ sẽ bị vô hiệu hóa. Điều này được thực hiện bằng cách mở /etc/my. cnf và thêm mục bỏ qua mạng trong phần [mysqld]. Định cấu hình MySQL để ngừng nghe trên tất cả các cổng TCP/IP bao gồm 127. 0. 0. 1 sẽ hạn chế hiệu quả quyền truy cập cơ sở dữ liệu đối với các giao tiếp dựa trên ổ cắm MySQL cục bộ

8. Giới hạn hoặc Vô hiệu hóa SHOW DATABASES

Một lần nữa, tước bỏ khả năng thu thập thông tin của những kẻ tấn công từ xa là rất quan trọng đối với một vị trí bảo mật an toàn. Vì lý do này, lệnh SHOW DATABASES nên được hạn chế hoặc loại bỏ hoàn toàn bằng cách thêm bỏ qua-show-cơ sở dữ liệu vào phần [mysqld] của tệp cấu hình MySQL tại /etc/my. cnf

9. Vô hiệu hóa việc sử dụng lệnh LOAD DATA LOCAL INFILE

Lệnh LOAD DATA LOCAL INFILE cho phép người dùng đọc các tệp cục bộ và thậm chí truy cập các tệp khác trên hệ điều hành, những tệp này có thể bị kẻ tấn công khai thác bằng các phương pháp như SQL injection. Do đó, lệnh sẽ bị vô hiệu hóa bằng cách chèn set-variable=local-infile=0 vào phần [mysqld] của tôi. cnf

10. Làm xáo trộn tài khoản gốc

Thay đổi tài khoản người dùng root mysql thành một tên khó đoán sẽ thêm một lớp bảo mật khác, vì những kẻ tấn công phải xác định tên tài khoản mới trước khi cố gắng cưỡng bức các giá trị mật khẩu

11. Đặt quyền truy cập tệp thích hợp

Hãy chắc chắn rằng tôi. cnf chỉ có thể ghi root. Ngoài ra, hãy đảm bảo rằng vị trí mặc định cho dữ liệu tại /usr/local/mysql/data được bảo mật đúng cách với các quyền thích hợp

Đây chỉ là 11 trong số vô số nhiệm vụ khó khăn để triển khai MySQL an toàn hơn. Bạn đang tìm cách thực hiện các kiểm tra này và tự động hơn trên toàn bộ môi trường MySQL của mình? . Hãy dùng thử—miễn phí cho tối đa 10 nút

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail. 1 CVE-2022-23308 416 2022-02-26 2022-11-02 None Remote Medium Not required None None Partial valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. 2 CVE-2022-21824 1321 2022-02-24 2022-11-10 None Remote Low Not required None Partial Partial Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to. 3 CVE-2022-1292 78 Exec Code 2022-05-03 2022-10-21 None Remote Low Not required Complete Complete Complete The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). 4 CVE-2021-44533 295 Bypass 2022-02-24 2022-10-06 None Remote Low Not required None Partial None Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable. 5 CVE-2021-44532 295 Bypass 2022-02-24 2022-10-05 None Remote Low Not required None Partial None Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. 6 CVE-2021-44531 295 Bypass 2022-02-24 2022-10-05 None Remote Medium Not required Partial Partial None Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. 7 CVE-2021-20227 416 DoS Exec Code 2021-03-23 2022-11-16 None Local Low Not required None None Partial A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. 8 CVE-2021-3712 125 DoS 2021-08-24 2022-12-06 None Remote Medium Not required Partial None Partial ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). 9 CVE-2021-3634 787 2021-08-31 2022-11-16 None Remote Low ??? None None Partial A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. 10 CVE-2021-3537 476 2021-05-14 2022-07-25 None Remote Medium Not required None None Partial A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. 11 CVE-2021-3518 416 2021-05-18 2022-10-05 None Remote Medium Not required Partial Partial Partial There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. 12 CVE-2021-3517 787 2021-05-19 2022-10-05 None Remote Low Not required Partial Partial Partial There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. 13 CVE-2021-3450 295 Bypass 2021-03-25 2022-07-25 None Remote Medium Not required Partial Partial None The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). 14 CVE-2021-3449 476 DoS 2021-03-25 2022-08-29 None Remote Medium Not required None None Partial An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). 15 CVE-2020-24977 125 2020-09-04 2022-07-25 None Remote Low Not required Partial None Partial GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. 16 CVE-2020-13871 416 2020-06-06 2022-05-13 None Remote Low Not required None None Partial SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. 17 CVE-2020-11656 416 2020-04-09 2022-04-08 None Remote Low Not required Partial Partial Partial In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. 18 CVE-2020-11655 665 DoS 2020-04-09 2022-04-08 None Remote Low Not required None None Partial SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. 19 CVE-2020-9327 476 2020-02-21 2022-04-08 None Remote Low Not required None None Partial In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. 20 CVE-2020-7595 835 2020-01-21 2022-07-25 None Remote Low Not required None None Partial xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. 21 CVE-2020-1967 476 DoS 2020-04-21 2021-12-10 None Remote Low Not required None None Partial Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). 22 CVE-2020-1730 476 2020-04-13 2022-11-08 None Remote Low Not required None None Partial A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. 23 CVE-2019-20388 401 2020-01-21 2022-07-25 None Remote Low Not required None None Partial xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. 24 CVE-2019-20218 2020-01-02 2022-10-07 None Remote Low Not required None None Partial selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. 25 CVE-2019-19926 476 2019-12-23 2022-04-15 None Remote Low Not required None None Partial multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. 26 CVE-2019-19925 434 2019-12-24 2022-04-15 None Remote Low Not required None None Partial zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. 27 CVE-2019-19924 755 2019-12-24 2022-04-15 None Remote Low Not required None Partial None SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. 28 CVE-2019-19923 476 2019-12-24 2022-04-15 None Remote Low Not required None None Partial flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). 29 CVE-2019-19880 476 2019-12-18 2022-04-15 None Remote Low Not required None None Partial exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. 30 CVE-2019-19646 754 2019-12-09 2022-04-15 None Remote Low Not required Partial Partial Partial pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. 31 CVE-2019-19645 674 2019-12-09 2022-04-15 None Local Low Not required None None Partial alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. 32 CVE-2019-19603 2019-12-09 2022-04-15 None Remote Low Not required None None Partial SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. 33 CVE-2019-19317 681 DoS 2019-12-05 2022-04-15 None Remote Low Not required Partial Partial Partial lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. 34 CVE-2019-19244 2019-11-25 2022-04-15 None Remote Low Not required None None Partial sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. 35 CVE-2019-19242 476 2019-11-27 2022-04-19 None Remote Medium Not required None None Partial SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. 36 CVE-2019-14889 78 Exec Code 2019-12-10 2020-12-04 None Remote Medium Not required Complete Complete Complete A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. 37 CVE-2019-10219 79 XSS 2019-11-08 2022-09-12 None Remote Medium Not required None Partial None A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. 38 CVE-2019-1559 203 2019-02-27 2022-08-19 None Remote Medium Not required Partial None None If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). 39 CVE-2018-14550 787 Overflow 2019-07-10 2022-10-28 None Remote Medium Not required Partial Partial Partial An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. 40 CVE-2018-10933 287 2018-10-17 2019-10-09 None Remote Low Not required Partial Partial None A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. 41 CVE-2018-2598 2018-07-18 2019-10-03 None Remote Medium Not required Partial None None Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 42 CVE-2017-3469 2017-04-24 2019-10-03 None Remote Medium Not required Partial None None Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

MySQL Workbench có an toàn không?

Làm cách nào để cung cấp bảo mật trong MySQL?

Tính bảo mật của MySQL là gì?

Cơ sở dữ liệu MySQL có thể được mã hóa không?