The 2016 Pwnie Nominee For Best Branding

MySQL crypto downgrade (CVE-2015-3152)

Credit: Adam Goodman

Duo Labs played it both ways. They made a website and logo for their vulnerability to make fun of websites and logos for vulnerabilities, but also hoped to sell some Duo accounts in the process. Well played for a cryptographic downgrade that needs an attacker right next to your MySQL server or, as they say, “adversaries with passive monitoring capabilities like the NSA”. Everyone knows the NSA already has admin rights on your MySQL server.
