
[Vulnerability notice] Weak password vulnerability in XAMPP

Last Updated: May 07, 2018


XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends. XAMPP stands for Cross-Platform (X), Apache (A), MariaDB (M), PHP (P) and Perl (P). It is a simple, lightweight Apache distribution that makes it easy for developers to create a local web server for testing and deployment purposes.

However, many users do not change the weak passwords after installation, which exposes the server to hacker attacks.


Change the weak passwords for the following services: FTP, phpMyAdmin and MySQL. For example, in XAMPP for Windows, run the following command to change the MySQL root password:

  (Your drive letter)...\xampp\mysql\bin\mysqladmin -u root -p password "(your new password)"

After you run the command, you are prompted to enter the old password. If the old password is correct, the new password takes effect immediately.
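
Changing the MySQL password does not by itself update what phpMyAdmin is configured to log in with, so the phpMyAdmin configuration file is worth checking as well. The script below is an added example, not part of the original notice or of XAMPP: it audits the text of a `config.inc.php` for an empty or short stored password using the phpMyAdmin settings `auth_type`, `user`, `password` and `AllowNoPassword`. The function names, the single-server assumption, the 12-character threshold and both sample files are constructed for illustration.

```python
import re

# Matches e.g.  $cfg['Servers'][$i]['password'] = '';
SETTING = re.compile(
    r"""\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*('[^']*'|"[^"]*"|\w+)\s*;""")

def parse_server_settings(text):
    """Return {key: value} for $cfg['Servers'][$i][...] lines (single-server file assumed)."""
    settings = {}
    for line in text.splitlines():
        code = line.strip()
        if code.startswith(("//", "#", "/*", "*")):
            continue  # ignore commented-out settings
        m = SETTING.search(code)
        if m:
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def audit(text, min_length=12):  # min_length is an assumed local policy value
    """Return findings about the MySQL credentials phpMyAdmin is configured to use."""
    s = parse_server_settings(text)
    findings = []
    if s.get("auth_type") == "config":
        findings.append("auth_type 'config': credentials are stored in the file, no login prompt")
        password = s.get("password", "")
        if password == "":
            findings.append("user '%s' is configured with an empty password" % s.get("user", ""))
        elif len(password) < min_length:
            findings.append("stored password is shorter than %d characters" % min_length)
    if s.get("AllowNoPassword", "false").lower() == "true":
        findings.append("AllowNoPassword is true: logins with an empty password are permitted")
    return findings

# Constructed sample files, not copied from any real installation.
WEAK = """<?php
// $cfg['Servers'][$i]['password'] = 'old-value';
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""
HARDENED = """<?php
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

To check a real installation, pass the contents of its phpMyAdmin `config.inc.php` to `audit()`.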