Bug #74691 mysql_config_editor does not escape strings
Submitted: 5 Nov 2014 1:44 Modified: 12 Jan 18:24
Reporter: Andrew Dalgleish Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:1.0 OS:Any
Assigned to: CPU Architecture:Any

[5 Nov 2014 1:44] Andrew Dalgleish
Description:
The mysql_config_editor does not escape strings or enclose them in quotes.

When the strings are read, hash characters are treated as the start of a comment.
This causes problems if your password contains a hash character.

A workaround is to enter the password in quotes "pass#pass".

How to repeat:
$ mysql_config_editor set --host=host#host --user=user#user -p
Enter password: 
(Enter pass#pass)

$ my_print_defaults client
--user=msandbox
--password=msandbox
--port=5620
--socket=/tmp/mysql_sandbox5620.sock
--user=user
--password=pass
--host=host

$ mysql_config_editor set --host=host#host --user=user#user -p
Enter password: 
(Enter pass#pass)

$ my_print_defaults client
--user=msandbox
--password=msandbox
--port=5620
--socket=/tmp/mysql_sandbox5620.sock
--user=user
--password=pass
--host=host

Suggested fix:
Enclose all strings in quotes.
[28 Jan 2015 19:31] Gayathri Dhanasegaran
I encountered the same bug with: 

OS: Linux
MySQL version: MySQL Enterprise Edition 5.6.21
Utilities version: 1.5.2-1.el6 

Password with string "#" in it causes authentication failure.
[27 Sep 2017 16:24] Ivan Groenewold
This is apparently still happening on latest MySQL 5.7. Any plans to fix this?
[15 Jan 2018 2:57] MySQL Verification Team
See Bug#87107 for WB "Install Helper"s case.
[17 Nov 2020 19:31] Ryan L
This still occurs in the year 2020 on version 8.0.22.
[5 Jan 13:49] Georgi Kodinov
Posted by developer:
 
Also note the fix for bug #29861961 that was pushed to  5.7.33, 8.0.23 and fixes the issue with "#" specifically.
[12 Jan 18:24] Paul DuBois
Posted by developer:
 
Fixed in 8.0.24.

To enable use of spaces and other special characters within
configuration values, mysql_config_editor now surrounds values it
writes to the configuration file with double quote characters, and
also escapes double quote characters used within values.