[MDEV-28016] CREATE USER replicated with clear text password
Created: 2022-03-07  Updated: 2023-08-21  Resolved: 2022-03-08

Status: Closed
Project: MariaDB Server
Component/s: Admin statements
Affects Version/s: 10.4
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Muhammad Irfan
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: galera

Issue Links:
Duplicate
is duplicated by MDEV-9042 CREATE USER passwords being written t... Open
is duplicated by MDEV-10584 Obscure plain text passwords from ser... In Review

 Description   

I had the Simple Password Check plugin on a 3-node cluster setup with the settings below.

simple_password_check_digits  1
simple_password_check_letters_same_case 1
simple_password_check_minimal_length  8
simple_password_check_other_characters  1

However, when I tried to create a user whose password failed to meet the Simple Password Check plugin criteria, it was still replicated with the clear-text password.

MariaDB [(none)]> CREATE USER TestUser@localhost IDENTIFIED BY 'mariadb';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

It seems the clear-text password is logged to the binary log, and the error/warning below appears on the rest of the cluster nodes.

2022-03-07 13:25:13 2 [ERROR] Slave SQL: Error 'Your password does not satisfy the current policy requirements' on query. Default database: ''. Query: 'CREATE USER TestUser@localhost IDENTIFIED BY 'mariadb'', Internal MariaDB error code: 1819
2022-03-07 13:25:13 2 [Warning] WSREP: Ignoring error 'Your password does not satisfy the current policy requirements' on query. Default database: ''. Query: 'CREATE USER TestUser@localhost IDENTIFIED BY 'mariadb'', Error_code: 1819
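
A log scan for the exposure shown in the two lines above, as an added example that is not part of the original report or of MariaDB: it flags lines that carry an `IDENTIFIED BY '...'` literal and emits a redacted copy. The function names, the regex, and the third and fourth sample lines are assumptions constructed for illustration.

```python
import re

# IDENTIFIED BY '<literal>' carries a clear-text password.
# IDENTIFIED BY PASSWORD '<hash>' carries an already-hashed value and is skipped.
# Backslash escapes inside the literal are handled; a doubled '' is not, because
# the log wraps the whole query in single quotes and the two cases are ambiguous.
CLEARTEXT = re.compile(
    r"(\bIDENTIFIED\s+BY\s+)(?!PASSWORD\b)'(?:[^'\\]|\\.)*'",
    re.IGNORECASE,
)


def redact(line):
    """Replace every clear-text password literal in the line with a marker."""
    return CLEARTEXT.sub(r"\1'<redacted>'", line)


def scan(lines):
    """Return (line_number, redacted_line) for each line exposing a literal."""
    hits = []
    for number, line in enumerate(lines, 1):
        if CLEARTEXT.search(line):
            hits.append((number, redact(line)))
    return hits


# Lines 1-2 are the error-log lines from the report; lines 3-4 are constructed.
SAMPLE = [
    "2022-03-07 13:25:13 2 [ERROR] Slave SQL: Error 'Your password does not "
    "satisfy the current policy requirements' on query. Default database: ''. "
    "Query: 'CREATE USER TestUser@localhost IDENTIFIED BY 'mariadb'', "
    "Internal MariaDB error code: 1819",
    "2022-03-07 13:25:13 2 [Warning] WSREP: Ignoring error 'Your password does "
    "not satisfy the current policy requirements' on query. Default database: "
    "''. Query: 'CREATE USER TestUser@localhost IDENTIFIED BY 'mariadb'', "
    "Error_code: 1819",
    "Query: 'CREATE USER u@localhost IDENTIFIED BY PASSWORD '*CONSTRUCTED_HASH''",
    "2022-03-07 13:25:14 0 [Note] constructed line with no statement",
]

if __name__ == "__main__":
    for number, safe_line in scan(SAMPLE):
        print(f"line {number}: {safe_line}")
```

The same functions work on any text lines, so they can be pointed at an error log before it is shipped to a central log store.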



 Comments   
Comment by Elena Stepanova [ 2022-03-07 ]

What is the "main complaint" – that a failed CREATE USER statement is replicated, or that a password from CREATE USER statement (failed or not) is written to the binary log in plain text?

Comment by Muhammad Irfan [ 2022-03-08 ]

elenst It's about the password being written as plain text to the binary and error log.

Comment by Elena Stepanova [ 2022-03-08 ]

In this case it's MDEV-10584 / MDEV-9042 .

muhammad.irfan, are you okay with re-pointing the support issue to the JIRA items above?
