Bug #60587 Advice for Root Account Without Password is not correct
Submitted: 22 Mar 2011 13:06 Modified: 23 Aug 2011 10:34
Reporter: Daniël van Eeden Email Updates:
Status: Closed Impact on me:
Category:MySQL Enterprise Monitor: Advisors/Rules Severity:S4 (Feature request)
Version:2.3.1 OS:Any
Assigned to: Mark Leith CPU Architecture:Any

[22 Mar 2011 13:06] Daniël van Eeden
This is the Recommended Action for Root Account Without Password (v 1.7 *):

UPDATE user SET password = PASSWORD('strong_password')
WHERE user = 'root';

Using GRANT/REVOKE might be better.

This won't work as a 'USE mysql;' is missing. Or user should be substituted my mysql.user.

How to repeat:
Install MEM 2.3.1 and create a root account without password in mysql.

Suggested fix:
[22 Mar 2011 17:07] Gary Whizin
Good find: we'll change advice from the UPDATE statement to using the SET PASSWORD statement
[23 Aug 2011 10:34] Stefan Hinz
Since this was found/fixed internally and will be transparent to users when
they upgrade, not adding a doc changelog entry for it.
[23 Aug 2011 10:34] Stefan Hinz
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at