List:General Discussion« Previous MessageNext Message »
From:Reindl Harald Date:January 10 2012 12:34pm
Subject:Re: hide server-version at connect?
View as plain text  

Am 10.01.2012 13:29, schrieb Johan De Meersman:
> ----- Original Message -----
>> From: "Reindl Harald" <h.reindl@stripped>
>>
>> sure? what's the binary between version and "mysql_native_password"?
> 
> No idea, I never bothered to look at the raw protocol :-)

me too :-)

>> mysql 5.5 would be enough i guess, but how to create a patch for
>> rpmbuild which must not be permanently changed for every mysql update
> 
> I wouldn't think that bit of the code changes a lot between versions

i will look

> really. Still, do you really think exposing that is such a risk? 
> Do you have servers exposed to the net?

currently i am scanning all servers from a OpenVAS-Appliance and
my primary target is get away all information disclosures

samba is the next in the list blwoing out even build-number *grr*

all or nothing :-)


Attachment: [application/pgp-signature] OpenPGP digital signature signature.asc
Thread
hide server-version at connect?Reindl Harald10 Jan
  • Re: hide server-version at connect?Johan De Meersman10 Jan
    • Re: hide server-version at connect?Reindl Harald10 Jan
      • Re: hide server-version at connect?Johan De Meersman10 Jan
        • Re: hide server-version at connect?Reindl Harald10 Jan
          • Re: hide server-version at connect?Johnny Withers10 Jan
            • Re: hide server-version at connect?Johan De Meersman10 Jan
              • Re: hide server-version at connect?Chris Tate-Davies10 Jan
                • Re: hide server-version at connect?Chris Tate-Davies10 Jan
  • Re: hide server-version at connect?Paul DuBois10 Jan