Bug #9592 Login into root without password
Submitted: 3 Apr 2005 15:03 Modified: 4 Apr 2005 20:00
Reporter: David Brisebois Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:4.1.09 OS:Windows (WinXP)
Assigned to: CPU Architecture:Any

[3 Apr 2005 15:03] David Brisebois 
Description:
In any PHP program(Spip, PMA and a lot of others), I can connect to root account without password using login "rootà" even if a password is specified!

It's on my own computer, but it could be a big vulnerability for hosting services.

How to repeat:
Can connect into root account without password using "rootà" login
[3 Apr 2005 19:50] Aleksey Kishkin 
Hi! could you please to put here output of
select user()

and

show grants for 'rootà'
[3 Apr 2005 20:27] David Brisebois 
select user() returns only root@localhost and show grants for 'rootà' returns an error

But just before, i think i've found the problem: that was a default-based configuration. I remebered that there's * user by default...
[4 Apr 2005 20:00] MySQL Verification Team 
According your last post I assume you had the anonymous user.