Bug #65463 Server should warn when pre-4.1 user account connection rejected
Submitted: 30 May 2012 14:44 Modified: 16 Oct 2012 5:19
Reporter: Todd Farmer (OCA)
Status: Not a Bug
Category: MySQL Server: Security: Privileges  Severity: S3 (Non-critical)
Version: 5.6.5  OS: Any
Assigned to:  CPU Architecture: Any

[30 May 2012 14:44] Todd Farmer
Description:
MySQL Server should write a warning to the server error log when a connection is attempted using an account configured for a pre-4.1 password, and --skip-secure-auth is not enabled (secure-auth is enabled by default in 5.6.5).  No such message is currently generated.

This should only be recorded when secure-auth is enabled (not allowing pre-4.1 passwords) to prevent spam to the error log after the user explicitly sets --skip-secure-auth.

How to repeat:
Attempt connection to 5.6.5 using an account with a pre-4.1 password hash, note no error log entry.

Suggested fix:
Add error log entry.
[16 Oct 2012 5:19] Erlend Dahl
Analysis from the dev team:

We already log a warning for this event in general logs.

-trunk/sql/sql_acl.cc
static bool secure_auth(MPVIO_EXT *mpvio)
{
...
    my_error(ER_SERVER_IS_IN_SECURE_AUTH_MODE, MYF(0),
             mpvio->auth_info.user_name,
             mpvio->auth_info.host_or_ip);
    general_log_print(thd, COM_CONNECT,
                      ER(ER_SERVER_IS_IN_SECURE_AUTH_MODE),
                      mpvio->auth_info.user_name,
                      mpvio->auth_info.host_or_ip);
...

So adding the same warning to the error log would mean
that the same event is logged twice.

Now the question is: should this qualify for the error
log or the general log?

According to the docs (http://dev.mysql.com/doc/refman/5.6/en/error-log.html):

"The error log contains information indicating when mysqld was started and
stopped and also any critical errors that occur while the server is running."

A failed authentication is none of the above IMHO: it's normal operation.
So we shall keep it inside the general log IMHO.

So, after considering the above points, I am closing this bug as 'Not a bug'.
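
Since the rejection is written only to the general log, monitoring for accounts still on pre-4.1 hashes has to read that log. The following is an added example, not code from the bug report or from MySQL: it counts secure-auth rejections per account in constructed general-log lines. The line layout (optional timestamp, tab, thread id, command, tab, argument) and the English text of ER_SERVER_IS_IN_SECURE_AUTH_MODE are assumptions about the server build in use, and `rejected_old_format_accounts` is a hypothetical helper name.

```python
import re
from collections import Counter

# Matches only Connect entries whose argument is the secure-auth rejection.
# Anchored at line start so the same text inside a Query entry is ignored.
# Assumed layout: [YYMMDD H:MM:SS]<tab>[spaces]<id> <Command><tab><argument>
SECURE_AUTH_RE = re.compile(
    r"(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\t+\s*\d+ Connect\t"
    r"Server is running in --secure-auth mode, but "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)' has a password in the old format"
)

MSG = ("Server is running in --secure-auth mode, but '{u}'@'{h}' has a "
       "password in the old format; please change the password to the new format")

# Constructed sample lines; accounts and addresses are made up.
SAMPLE_LOG = "\n".join([
    "121016  5:19:01\t    7 Connect\tapp@10.0.0.5 on inventory",
    "\t\t    7 Query\tSELECT 1",
    "121016  5:19:04\t    8 Connect\t" + MSG.format(u="legacy", h="10.0.0.9"),
    "\t\t    9 Connect\t" + MSG.format(u="report", h="localhost"),
    # The message quoted inside a query must not be counted as a rejection.
    "\t\t    7 Query\tSELECT 'Connect\t" + MSG.format(u="x", h="y") + "'",
    "121016  5:20:11\t   10 Connect\t" + MSG.format(u="legacy", h="10.0.0.9"),
])


def rejected_old_format_accounts(log_text):
    """Return a Counter of (user, host) pairs rejected under secure-auth."""
    hits = Counter()
    for line in log_text.splitlines():
        m = SECURE_AUTH_RE.match(line)
        if m:
            hits[(m.group("user"), m.group("host"))] += 1
    return hits


if __name__ == "__main__":
    for (user, host), n in rejected_old_format_accounts(SAMPLE_LOG).most_common():
        print(f"{n:3d}  '{user}'@'{host}' still has a pre-4.1 password hash")
```

The general log must be enabled for these entries to exist at all, so a server running with it off gives no record of these rejections.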