The BACKRONYM MySQL Vulnerability
> Duo Security’s Security Research, Adam Goodman, found a serious vulnerability known as BACKRONYM, affecting Oracle’s popular MySQL database software.
Adam is Principal Security Architect at Duo Security, where he is responsible for leading Duo's security engineering practice. He has spent nearly a decade building secure systems, protocols, and culture (and occasionally veering into security research) at a variety of start-ups.
> Duo Security’s Security Research, Adam Goodman, found a serious vulnerability known as BACKRONYM, affecting Oracle’s popular MySQL database software.
Earlier this year, we wrote about how any Google Application Specific Password (ASP) could be used to bypass 2-Step Verification. Although Google issued a fix to prevent account compromise, your ASPs can still be used to do almost anything else with your Google account.
Attackers were once able to bypass Google's two-step verification to gain account control by capturing a user's application-specific password (ASP).