Bug #74691 mysql_config_editor does not escape strings
Submitted: 5 Nov 2014 1:44 Modified: 5 Nov 2014 1:46
Reporter: Andrew Dalgleish Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:1.0 OS:Any
Assigned to: CPU Architecture:Any
Triage: Needs Triage: D4 (Minor)

[5 Nov 2014 1:44] Andrew Dalgleish
Description:
The mysql_config_editor does not escape strings or enclose them in quotes.

When the strings are read, hash characters are treated as the start of a comment.
This causes problems if your password contains a hash character.

A workaround is to enter the password in quotes "pass#pass".

How to repeat:
$ mysql_config_editor set --host=host#host --user=user#user -p
Enter password: 
(Enter pass#pass)

$ my_print_defaults client
--user=msandbox
--password=msandbox
--port=5620
--socket=/tmp/mysql_sandbox5620.sock
--user=user
--password=pass
--host=host

$ mysql_config_editor set --host=host#host --user=user#user -p
Enter password: 
(Enter pass#pass)

$ my_print_defaults client
--user=msandbox
--password=msandbox
--port=5620
--socket=/tmp/mysql_sandbox5620.sock
--user=user
--password=pass
--host=host

Suggested fix:
Enclose all strings in quotes.
[28 Jan 2015 19:31] Gayathri Dhanasegaran
I encountered the same bug with: 

OS: Linux
MySQL version: MySQL Enterprise Edition 5.6.21
Utilities version: 1.5.2-1.el6 

Password with string "#" in it causes authentication failure.
[27 Sep 2017 16:24] Ivan Groenewold
This is apparently still happening on latest MySQL 5.7. Any plans to fix this?
[15 Jan 2018 2:57] Meiji Kimura
See Bug#87107 for WB "Install Helper"s case.