List: Bugs
From: Matt Vermette
Date: May 30 2000 10:28pm
Subject: RE: serious bug allows anyone access to database as root
I have been able to replicate this on RedHat 6.2, Kernel 2.2.15 compiled on an i486, with
MySQL 3.22.32.



On Wed, 31 May 2000 08:17:20 +1000, jason wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>>I'm using mysql 3.22.32 on Linux 2.2.14 kernel, and I believe that 
>>I've found a major problem.
>>
>>If, at the command line, I type 
>>
>>  $ mysql -u root -p
>>
>>I get a password prompt, just like I should.  However, if I type
>>
>>  $ mysql -u root-p
>>
>>without the space after the "root," it lets me right in.  I can do
>>this as any user, and I can repeat it over and over.  This seems to be
>>a serious vulnerability.  
>
>I'm unable to repeat on
>
>  mysql  Ver 9.37 Distrib 3.22.29, for sun-solaris2.5.1 (sparc)
>
>and on
>
>  mysql  Ver 9.38 Distrib 3.22.32, for Win95/Win98 (i586)
>
>on both I get what I'd expect
>
>  ERROR 1045: Access denied for user: 'root-p@localhost' (Using password: NO)
>
>- -- 
>  jason - elephant@stripped -
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBOTTKkDYpBpopJvWUEQJkgACeLLTmzdVtow0Hmd4pIVm2CEo/TacAoKPW
>E/OMqUoBxXOe261u4B3dNNkp
>=qPP+
>-----END PGP SIGNATURE-----


Matt B. Vermette, President
MOTAS INC.
www.motas.on.ca

