[#MDEV-16350] CLONE - root/localhost authn prioritizes authentication

[MDEV-16350] CLONE - root/localhost authn prioritizes authentication_string over Password Created: 2018-05-31 Updated: 2021-06-29 Resolved: 2018-05-31
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Affects Version/s:	10.1, 10.2.15, 10.2, 10.3
Fix Version/s:	N/A

Type:

Bug

Priority:

Critical

Reporter:

houjeri23

Assignee:

Sergei Golubchik

Resolution:

Won't Fix

Votes:

Labels:

None

Issue Links:

Duplicate
duplicates	~~MDEV-16238~~	root/localhost authn prioritizes auth...	Closed

Description

update mysql.user set authentication_string=password('two') where user='root' and host='localhost';

set password for 'root'@'localhost' = password("one");

flush privileges;

^^ You’ll be unable to log in as root/localhost after the above using “one” as the password, but “two” will work.

A preexisting authentication_string should not take priority over the result of SET PASSWORD FOR.

This is a problem for installations that are migrated from MySQL 5.7 because these can still have authentication_string values around.

Comments

Comment by Rasmus Johansson (Inactive) [ 2018-05-31 ]

This is a clone of the linked issue. Not sure why the user did that.

Generated at Thu Feb 08 08:28:14 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.