-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>I'm using mysql 3.22.32 on Linux 2.2.14 kernel, and I believe that
>I've found a major problem.
>
>If, at the command line, I type
>
> $ mysql -u root -p
>
>I get a password prompt, just like I should. However, if I type
>
> $ mysql -u root-p
>
>without the space after the "root," it lets me right in. I can do
>this as any user, and I can repeat it over and over. This seems to be
>a serious vulnerability.
I'm unable to repeat on
mysql Ver 9.37 Distrib 3.22.29, for sun-solaris2.5.1 (sparc)
and on
mysql Ver 9.38 Distrib 3.22.32, for Win95/Win98 (i586)
on both I get what I'd expect
ERROR 1045: Access denied for user: 'root-p@localhost' (Using
password: NO)
- --
jason - elephant@stripped -
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBOTTKkDYpBpopJvWUEQJkgACeLLTmzdVtow0Hmd4pIVm2CEo/TacAoKPW
E/OMqUoBxXOe261u4B3dNNkp
=qPP+
-----END PGP SIGNATURE-----
