Bug #96795 password hash should be a 41-digit hexadecimal number (code 1372) (server 5.6)
Submitted: 9 Sep 18:44 Modified: 11 Sep 18:35
Reporter: Rob Wagner Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Workbench Severity:S2 (Serious)
Version:8.0.17 OS:Microsoft Windows
Assigned to: CPU Architecture:Any

[9 Sep 18:44] Rob Wagner
Description:
I'm running Workbench 8.0.17, and when connecting to a MySQL 5.6 server as a user with an expired password, I get prompted to change my password ("Password for MySQL account blah expired. Please pick a new password.") I enter my old password and a new password, click OK, and then I get "Password hash should be a 41-digit hexadecimal number (code 1372).

Only seems to happen when connecting to 5.6; connections to 5.7 are fine. And if I connect to the same 5.6 server with the same account using the MySQL CLI, it works fine:

rowagn@dig229au:~#> /sso/sfw/mysql/bin/mysql -utest -ptest -hblah.com
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1016592
Server version: 5.6.10

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use information_schema
ERROR 1820 (HY000): You must SET PASSWORD before executing this statement
mysql> set password = password('test123');
Query OK, 0 rows affected (0.01 sec)

I suspect Workbench is sending "set password = 'secretPassword'" instead of "set password = password('secretPassword')".

Any way to resolve this? Thanks.

How to repeat:
On a 5.6 server, create a user with an expired password:

mysql> create user 'test'  identified by 'test' ;
Query OK, 0 rows affected (0.05 sec)
mysql> alter user test password expire;
Query OK, 0 rows affected (0.01 sec)

Then in MySQL Workbench, select Database->Connect to Database and enter the server's hostname, port and username (test).  Click OK.  It will prompt for your password, enter ir, and click OK again.  Now, you should see a window titled "Password Expired."  It will say "Password for MySQL account test@host expired.  Please pick a new password."  Enter the old password (test) and a new password (test123).  Click OK.  An error will appear "Password hash should be a 41-digit hexadecimal number (code 1372)."  At this point, you cannot login to the server using MySQL Workbench, hence, I gave it S2 (Serious).

Suggested fix:
Workbench should properly change an expired password on a MySQL 5.6 server just like it does on a 5.7 server.  The documentation indicates Workbench 8.0 supports MySQL 5.6 (see https://dev.mysql.com/doc/mysql-compat-matrix/en/).
[10 Sep 5:56] Umesh Shastry
Hello Rob Wagner,

Thank you for the report and feedback.

regards,
Umesh
[11 Sep 18:35] Rob Wagner
Note, I don't see this issue on 6.3.10.