hi, > I'm wondering how dangerous it is to allow a user on a > mysql db to view the grants for another user. Could > they take the encrypted password data and possibly > crack it? If they can, how easy is it?
on certain condition it's quite easy, if you have a hash: test.exe 57510426775c5b0f Hash: 57510426775c5b0f Trying length 3 Trying length 4 Trying length 5 Found pass: guest some reading for you: http://www.ngssoftware.com/papers/HackproofingMySQL.pdf all the best, W. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
