MySQL Server Default Root Password

2002-08-18T00:00:00
ID OSVDB:380
Type osvdb
Reporter Mike Bommarito(g0thm0g@attbi.com)
Modified 2002-08-18T00:00:00

Description

Vulnerability Description

By default, MySQL installs with a default password. The root account has no password which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Short Description

By default, MySQL installs with a default password. The root account has no password which is publicly known and documented. This allows attackers to trivially access the program or system.

References:

Vendor URL: http://www.mysql.com/ Nessus Plugin ID:10481 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0185.html Generic Informational URL: http://www.cirt.net/cgi-bin/passwd.pl?method=showven&ven=MySQL