-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.5.58
-
Component/s: Packaging, Platform Debian
-
Labels:
-
Environment:Debian
-
Sprint:5.5.59
SELECT count(*) FROM mysql.user WHERE user='root' and password='' |
can report insecure root passwords even if a plugin is used.
If a bit unfair to report an unused password field as insecure if a plugin is set.
https://github.com/grooverdan/mariadb-server/tree/5.5-debian-insecure-root-plugin-empty is a patch that corrects this by testing adding and plugin='' in the sql. I submit this under the MCA.
- relates to
-
MDEV-8375 Debian: Passwordless mysqld root login via socket auth bugfixing
-
- Closed
-