Bug #27800 | Security problem mysql -u root-p | ||
---|---|---|---|
Submitted: | 13 Apr 2007 3:50 | Modified: | 13 May 2007 7:23 |
Reporter: | Joe Amaral | Email Updates: | |
Status: | No Feedback | Impact on me: | |
Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
Version: | mysql Ver 14.7 Distrib 4.1.20, for redh | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | for redhat-linux-gnu (i686) using readline 4.3, mysql Ver 14.7 Distrib 4.1.20 |
[13 Apr 2007 3:50]
Joe Amaral
[13 Apr 2007 3:56]
Paul DuBois
In this case, you are attempting to connect as the user named "root-p" (the "-p" is interpreted as part of the username, not as a separate password). If you have an anonymous account with no password, the server likely is authenticating you as that user. To find out, connect as you have described, and then issue these queries: SHOW GRANTS; SELECT CURRENT_USER(); If the output shows that the username is blank (''), then you have connected as the anonymous user that has no password. In that case, if you delete that account, the issue you have described should go away.
[13 May 2007 23:02]
Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".