Bug #8075 Passwords Not Saved Correctly In Administrator
Submitted: 21 Jan 2005 18:45 Modified: 22 Jan 2005 7:10
Reporter: Walter Wojcik Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Administrator Severity:S2 (Serious)
Version:4.1 OS:Microsoft Windows (Windws XP, Server 2003)
Assigned to: CPU Architecture:Any

[21 Jan 2005 18:45] Walter Wojcik
Description:
When i assign a password for a user in the admin program it does not encrypt it like it does from the command line.  If you open the tables that list the passwords they are in plain text.  This also makes it so that the users can't log into the system because the passwords don't match. I think this is also a serious security issue because if the passwords are in plain-text in the DB anyone can read them(not that they work!).  Did i misconfigure somthing?  I used your MSI packages to install it.

How to repeat:
Create a user and set thier password in the administrator.  Exit the administrator and try to log in using thier username and password.

Suggested fix:
Some thing to do with the encryption (or lack thereof) in the Administrator.  I have had no trouble with doing it the long way.(Command Line)
[22 Jan 2005 7:10] Aleksey Kishkin
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.mysql.com/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to 'Open'.

Thank you for your interest in MySQL.

Additional info:

created user bug8075 with password 'simsim' in MySQL Administrator, logoff, and enter to command line. When I create new user (bug8075again) with the same password (simsim) in command line, I see absolutely the same password in the output of 'user' table.

Probably the cause of error somewhere else. If you have any ideas how to reproduce this error please let us know, we'll test it.

mysql.exe -u root -p mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9 to server version: 4.1.9-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select user, host, password from user;
+---------+-----------+-------------------------------------------+
| user    | host      | password                                  |
+---------+-----------+-------------------------------------------+
| root    | localhost | *EEDA19E4C2302FF9C8334D2219A97004C5DA34A0 |
| bug8075 | %         | *EEDA19E4C2302FF9C8334D2219A97004C5DA34A0 |
+---------+-----------+-------------------------------------------+
2 rows in set (0.00 sec)

mysql> grant all on test.* to bug8075again@'%' identified by 'simsim';
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host, password from user;
+--------------+-----------+-------------------------------------------+
| user         | host      | password                                  |
+--------------+-----------+-------------------------------------------+
| root         | localhost | *EEDA19E4C2302FF9C8334D2219A97004C5DA34A0 |
| bug8075again | %         | *EEDA19E4C2302FF9C8334D2219A97004C5DA34A0 |
| bug8075      | %         | *EEDA19E4C2302FF9C8334D2219A97004C5DA34A0 |
+--------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)
[22 Jan 2005 19:05] Walter Wojcik
OK, I don't get it, now it works fine.  Sorry for wasting your time.

,Walter