A flaw was found in MySQL in which, if an attacker authenticates using an incorrect password with the old authentication mechanism from MySQL 4.x and below against a MySQL 5.x server, the MySQL server responds with a different message than Access Denied, which makes user account enumeration possible.
Reference: http://seclists.org/fulldisclosure/2012/Dec/9
This issue was assigned CVE-2012-5615.
Some other references:
http://www.openwall.com/lists/oss-security/2012/12/02/3
http://www.openwall.com/lists/oss-security/2012/12/02/4
https://mariadb.atlassian.net/browse/MDEV-3909
This issue has not been addressed by the recent January 2013 CPU containing MySQL security fixes: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Deferring this flaw till upstream fixes it.
Statement: (none)
This issue affects the version of MySQL as shipped with Fedora 17 and Fedora 18.
MariaDB fix: http://bazaar.launchpad.net/~maria-captains/maria/5.2/revision/3202
As per the following link: http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Upstream claims that this issue is fixed in the Oct 2014 CPU of mysql-5.5.
Also MariaDB at: https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5539-release-notes/
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2014:1859 https://rhn.redhat.com/errata/RHSA-2014-1859.html
This issue has been addressed in the following products:
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
Via RHSA-2014:1862 https://rhn.redhat.com/errata/RHSA-2014-1862.html
This issue has been addressed in the following products:
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
Via RHSA-2014:1860 https://rhn.redhat.com/errata/RHSA-2014-1860.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2014:1861 https://rhn.redhat.com/errata/RHSA-2014-1861.html
This issue has been addressed in the following products:
OpenStack 5 for RHEL 6
Via RHSA-2014:1937 https://rhn.redhat.com/errata/RHSA-2014-1937.html
This issue has been addressed in the following products:
OpenStack 5 for RHEL 7
Via RHSA-2014:1940 https://rhn.redhat.com/errata/RHSA-2014-1940.html
mariadb-galera-5.5.40-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.