Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems.

After exploiting the vulnerability, the module copies the MySQL server’s master user table, which contains all password hashes.