Alexander Barkov added a comment - 2017-12-20 08:28 - edited The same problem is repeatable without simple_password_check plugin: --source include/not_embedded.inc --source include/have_binlog_format_statement.inc   RESET MASTER; # get rid of previous tests binlog   --error ER_PASSWD_LENGTH CREATE USER user1@localhost IDENTIFIED BY 'BsG9#9.cem#!85' , user2@localhost IDENTIFIED BY PASSWORD 'xxx' ;   DROP USER user1@localhost;   --let $binlog_file = LAST source include/show_binlog_events.inc; RESET MASTER; CREATE USER user1@localhost IDENTIFIED BY 'BsG9#9.cem#!85', user2@localhost IDENTIFIED BY PASSWORD 'xxx'; ERROR HY000: Password hash should be a 41-digit hexadecimal number DROP USER user1@localhost; include/show_binlog_events.inc Log_name Pos Event_type Server_id End_log_pos Info master-bin.000001 # Gtid # # GTID #-#-# master-bin.000001 # Query # # use `test`; CREATE USER user1@localhost IDENTIFIED BY 'BsG9#9.cem#!85', user2@localhost IDENTIFIED BY PASSWORD 'xxx' master-bin.000001 # Gtid # # GTID #-#-# master-bin.000001 # Query # # use `test`; DROP USER user1@localhost Note, user2 was not created due to a wrong password hash, however it was logged. It should be fixed: either to log only successfully created users or do changes atomically: if one of the users has a bad password, then don't create any users at all

Elena Stepanova added a comment - 2017-12-20 11:17 bar , did it happen in the scope of MDEV-7288 , as my comment in MDEV-14031 suggests, or is it unrelated?

Alexander Barkov added a comment - 2017-12-27 08:39 - edited elenst , it did not happen in the scope of MDEV-7288 . This problem should be repeatable in earlier versions. Sorry, cannot test 10.0 right now, it does not compile for me.