
User has no password set

Submitted by: @import:stackexchange-dba

Problem

I see these when running MySQLTuner.pl:

-------- Security Recommendations  -------------------------------------------
[!!] User '@debian' has no password set.
[!!] User '@localhost' has no password set.
------------------------------------------------------------------------------


  • Is it a security hole?
  • How to fix it?

Thanks

Solution

That is definitely a security hole. That's because mysql was installed that way.

To remove those entries, please run these lines

DELETE FROM mysql.user WHERE user='' or password='';
FLUSH PRIVILEGES;


Here are three (3) past posts I wrote on how and why to do such cleanup of mysql.user and mysql.db:

  • Secure method beside phpMyAdmin for remote mysql
  • MySQL error: Access denied for user 'a'@'localhost' (using password: YES)
  • MySQL : Why are there "test" entries in mysql.db?


Context

StackExchange Database Administrators Q#17147, answer score: 6
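
A way to review what the answer's DELETE would match before running it, as an added example that is not part of the original answer. It assumes MySQL 5.5 or 5.6, where mysql.user has both the password and plugin columns (from 5.7 the hash is stored in authentication_string instead); the account 'app'@'localhost' and the placeholder password are hypothetical.

```sql
-- Added example, not from the original answer.
-- Assumption: MySQL 5.5/5.6 grant tables (mysql.user.password and .plugin exist).

-- 1. Preview the rows the DELETE would remove, and why each one matches.
SELECT user, host, plugin,
       CASE
         WHEN user = '' THEN 'anonymous account'
         ELSE 'named account, empty password column'
       END AS finding
FROM mysql.user
WHERE user = '' OR password = ''
ORDER BY user, host;

-- A named row with plugin = 'auth_socket' and an empty password column is
-- authenticated by the OS socket peer, not by a blank password. The DELETE
-- would still match it, so check the plugin column before removing rows.

-- 2. Database-level grants that anonymous accounts inherit
--    (the "test" entries in mysql.db mentioned in the linked posts).
SELECT host, db, user
FROM mysql.db
WHERE user = '';

-- 3. Narrower cleanup: drop only the anonymous accounts MySQLTuner reported.
--    DROP USER also removes the account's own privilege rows and needs no
--    FLUSH PRIVILEGES.
DROP USER ''@'localhost';
DROP USER ''@'debian';

-- 4. For a named account that must stay, set a password instead of deleting it.
--    'app'@'localhost' and the password text are placeholders.
SET PASSWORD FOR 'app'@'localhost' = PASSWORD('replace-with-a-strong-password');

-- 5. Confirm nothing is left for MySQLTuner to flag.
SELECT user, host
FROM mysql.user
WHERE user = '' OR (password = '' AND plugin <> 'auth_socket');
```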
