Bug #71882 | Use the linux client and typ the option -u twice. | ||
---|---|---|---|
Submitted: | 28 Feb 2014 15:04 | Modified: | 17 Jun 2014 12:09 |
Reporter: | Julien BRUNOT | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
Version: | 5.5.36 | OS: | Linux (Linux ubuntu-dev 3.8.0-34-generic #49-Ubuntu SMP Tue Nov 12 18:00:10 UTC 2013 x86_64 x86_64 x86_64 G) |
Assigned to: | CPU Architecture: | Any | |
Tags: | security vulnerabilty mysqlclient linux |
[28 Feb 2014 15:04]
Julien BRUNOT
[10 Mar 2014 6:29]
MySQL Verification Team
Hello Julien, Thank you for the report. This is normally observed when post installation you don't remove those accounts which are for anonymous users. These have an empty user name. The anonymous accounts have no password, so anyone can use them to connect to the MySQL server. See for more details https://dev.mysql.com/doc/refman/5.6/en/default-privileges.html You can check if the instance has anonymous accounts using: SELECT User, Host, Password FROM mysql.user; After removing those anonymous accounts, reload the grant table and report us if you are still able to connect. Thanks, Umesh
[10 Mar 2014 9:02]
Julien BRUNOT
Thank a lot. It's work. But, I think that it is not normal that the script accepts twice the "u" option without raising of error.