Bug #59848 | libmysql can't authenticate users who have \0 in their password | ||
---|---|---|---|
Submitted: | 31 Jan 2011 14:34 | Modified: | 10 Apr 2011 23:43 |
Reporter: | Andrey Hristov | Email Updates: | |
Status: | No Feedback | Impact on me: | |
Category: | MySQL Server: C API (client library) | Severity: | S3 (Non-critical) |
Version: | any | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[31 Jan 2011 14:34]
Andrey Hristov
[31 Jan 2011 14:34]
Andrey Hristov
I have performed flush privileges after the update.
[31 Jan 2011 20:54]
Peter Laursen
I cannot either. After CREATE USER 'null'@'%' IDENTIFIED BY 'ii\0ii'; -- executes successfully .. I also cannot authenticate no matter if I provide password as 'ii\0ii' or (escaped) as 'ii\\0ii' (or just 'ii0ii'). This is of course an 'edge case' - but at least the user should not create if backs\ash cannot be used in passwords IMHO.
[10 Mar 2011 23:43]
Sveta Smirnova
Thank you for the report. Which server and mysqlnd do you use? I tried with mysqlnd distribution from PHP 5.3.5 and still get "access denied" error
[11 Apr 2011 23:00]
Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".