Bug #80860 Strange behaviour for PASSWORD function in 5.7
Submitted: 25 Mar 2016 10:35
Modified: 26 Mar 2016 5:11
Reporter: Jean-Marie Renouard (OCA)
Status: Verified
Category: MySQL Server: Security: Privileges
Severity: S3 (Non-critical)
Version: 5.7, 5.7.11, 5.6.29
OS: Linux
Assigned to:
CPU Architecture: Any

[25 Mar 2016 10:35] Jean-Marie Renouard
Description:
Hi,

Context:
SHOW PLUGINS;
validate_plugin is activated.
| validate_password          | ACTIVE   | VALIDATE PASSWORD  | validate_password.so | GPL     |

This check is performed by mysqltuner and we can't control the password.

Problem found:
SELECT CONCAT(user, '@', host) FROM mysql.user WHERE authentication_string = PASSWORD('dba') OR authentication_string = PASSWORD(UPPER('dba')) OR authentication_string = PASSWORD(UPPER(LEFT('dba', 1)) + SUBSTRING('dba', 2, LENGTH('dba')))

Result:
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

Awaited result:
As I am not in an update or set password, the password function shouldn't produce an error.
As I am not trying to update a password, I shouldn't get an error.

I am just trying to control passwords against a list of dummy passwords.

How to repeat:
Problem found:
SELECT CONCAT(user, '@', host) FROM mysql.user WHERE authentication_string = PASSWORD('dba') OR authentication_string = PASSWORD(UPPER('dba')) OR authentication_string = PASSWORD(UPPER(LEFT('dba', 1)) + SUBSTRING('dba', 2, LENGTH('dba')))

with plugin validate_password activated

Suggested fix:
IF PASSWORD IS CALLED IN A SELECT STATEMENT DON'T PERFORM CHECK.

[26 Mar 2016 5:11] MySQL Verification Team
Hello Jean-Marie Renouard,

Thank you for the report.
Observed with 5.6.29 and 5.7.11.

Thanks,
Umesh
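
Added example, not part of the original report and not mysqltuner's own code: the dictionary comparison from the reported query can be done client-side, without calling PASSWORD(), so validate_password is never invoked. It assumes accounts use mysql_native_password, whose stored value is '*' followed by the uppercase hex of SHA1(SHA1(password)), and a UTF-8 connection character set; the function names and account rows are constructed for illustration.

```python
import hashlib


def native_password_hash(password):
    """Value PASSWORD() produces for mysql_native_password (assumes UTF-8 input)."""
    if password == "":
        return ""  # PASSWORD('') is the empty string, not a hash of it
    stage1 = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(stage1).hexdigest().upper()


def variants(word):
    """The three spellings the reported query intends: as-is, upper, capitalised."""
    out = []
    for v in (word, word.upper(), word[:1].upper() + word[1:]):
        if v not in out:
            out.append(v)
    return out


def weak_accounts(rows, dictionary):
    """rows: (user, host, authentication_string) tuples read from mysql.user.
    Returns sorted 'user@host' for accounts whose hash matches a dictionary word."""
    candidates = {native_password_hash(v) for w in dictionary for v in variants(w)}
    candidates.discard("")  # an empty password is a separate finding
    hits = []
    for user, host, auth in rows:
        # Only 41-character '*...' values are mysql_native_password hashes;
        # other plugins store a different format and cannot be compared this way.
        if len(auth) != 41 or not auth.startswith("*"):
            continue
        if auth.upper() in candidates:
            hits.append(user + "@" + host)
    return sorted(hits)


# Constructed sample rows standing in for:
#   SELECT user, host, authentication_string FROM mysql.user
ROWS = [
    ("dba", "localhost", native_password_hash("DBA")),
    ("report", "10.0.0.%", native_password_hash("Report")),
    ("app", "%", native_password_hash("Xk9#correct-horse-27")),
    ("legacy", "localhost", "$5$constructed-non-native-value"),
]

if __name__ == "__main__":
    for account in weak_accounts(ROWS, ["dba", "report", "root"]):
        print("weak password:", account)
```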