
[Vulnerability notice] Weak password vulnerability in MySQL

Last Updated: May 07, 2018

Description

A weak password on the MySQL root account can be easily cracked, making it easier to access the database. Weak passwords are often too short and simple, and may contain only numbers or only letters.

An attacker who cracks the weak password can log on to the system directly and read or even modify the website code.

Fix

Set a complex root password that contains numbers, upper and lower case letters, and symbols.

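Note: After changing the root password, you must update the account and password that are used for the database connection. We recommend that you do not use the default account of the operating system to connect to the database. Instead, you can create a new database account and authorize it to connect to the database.

You can use one of the following methods to change the root password. The SQL statements below rely on the PASSWORD() function and on the Password column of the mysql.user table, so they apply to MySQL versions that still provide them: PASSWORD() was removed in MySQL 8.0, and the Password column was replaced by authentication_string in MySQL 5.7.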

  • Use the SET PASSWORD command:

    mysql -u root
    mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('newpass');

  • Use mysqladmin to create or modify the root password:

    # set the root password for the first time
    mysqladmin -u root password "newpass"
    # change an existing root password (oldpass is the current password)
    mysqladmin -u root -p"oldpass" password "newpass"

  • Use the UPDATE command to edit the user table and update the root password:

    mysql -u root
    mysql> use mysql;
    mysql> UPDATE user SET Password = PASSWORD('newpass') WHERE user = 'root';
    mysql> FLUSH PRIVILEGES;

  • Reset the root password:

    # start the server with privilege checks disabled; in this mode any client can connect without a password
    mysqld_safe --skip-grant-tables &
    mysql -u root mysql
    mysql> UPDATE user SET password=PASSWORD("new password") WHERE user='root';
    mysql> FLUSH PRIVILEGES;
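
The Note above recommends a separate database account for the application, and of the methods above, SET PASSWORD changes only 'root'@'localhost' while the UPDATE statements change every root row. The following is an added example, not part of the original notice, that checks for leftover empty-password and root entries and then creates a restricted application account. The names `appdb` and `webapp` and the password value are placeholders, and the Password column is assumed to exist as in the commands above.

```sql
-- Added example. appdb, webapp and the password value are placeholders.
-- The Password column matches the commands in this notice; on servers where
-- it has been replaced, query authentication_string instead.

-- 1. List accounts that still have an empty password.
SELECT User, Host
FROM mysql.user
WHERE Password = '';

-- 2. List every root entry. SET PASSWORD FOR 'root'@'localhost' changes only
--    that one row, so other root@host rows may still hold the old password.
SELECT User, Host
FROM mysql.user
WHERE User = 'root';

-- 3. Create a dedicated account for the application, limited to the host
--    it connects from.
CREATE USER 'webapp'@'localhost'
  IDENTIFIED BY 'REPLACE_WITH_A_LONG_RANDOM_PASSWORD';

-- 4. Grant only data access on the application's own schema: no access to
--    the mysql system schema and no administrative privileges.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'webapp'@'localhost';

-- 5. Confirm what the new account can do.
SHOW GRANTS FOR 'webapp'@'localhost';
```

After the application is switched to the new account, root is only needed for administration from the database host itself.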