Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14796

debian warns of insecure root password when a plugin is used

    Details

    • Sprint:
      5.5.59

      Description

      SELECT count(*) FROM mysql.user WHERE user='root' and password=''

      can report insecure root passwords even if a plugin is used.

      If a bit unfair to report an unused password field as insecure if a plugin is set.

      https://github.com/grooverdan/mariadb-server/tree/5.5-debian-insecure-root-plugin-empty is a patch that corrects this by testing adding and plugin='' in the sql. I submit this under the MCA.

      FYI Otto Kekäläinen, OndÅ™ej Surý

        Attachments

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-8375 Debian: Passwordless mysqld root login via socket auth bugfixing

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

            Activity

              People

              • Assignee:
                svoj Sergey Vojtovich
                Reporter:
                danblack Daniel Black
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: