The host is installed with MariaDB 5.5.x before 5.5.29 or 5.3.x before 5.3.12, or 5.2.x before 5.2.14 and is prone to brute force password guessing attacks vulnerability. The flaw is present in application, which fails to properly handle multiple executions of the change_user command within the same connection. Successful exploitation allows remote attackers to bypass the security.