Bug 1566219 - MySQL long passwords aren't accepted on the command line when using sha256_password authentification plugin
Status: CLOSED EOL
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: mysql
Version: rh-mysql57
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.4
Assignee: Michal Schorm
QA Contact: RHEL CS Apps Subsystem QE
Reported: 2018-04-11 19:32 UTC by Michal Schorm
Modified: 2020-01-20 00:04 UTC (History)

Last Closed: 2019-12-02 12:19:18 UTC

Description Michal Schorm 2018-04-11 19:32:41 UTC
When using:

  mysql -u user -pPASSWORD

MySQL server, if the password string provided is longer than 213 characters and set with sha256_password authentication plugin, will always return:

  ERROR 2000 (HY000): Unknown MySQL error

--

Reproducible on MySQL in RHSCL and Fedora.
MariaDB does not use sha256_password plugin.
RHEL6 is not affected, sha256_password was added since mysql 5.6

Reproducer:



mysql -u root -e "CREATE USER 'user'@'localhost' IDENTIFIED WITH sha256_password;"

mysql -u root -e "SET old_passwords = 2; SET PASSWORD FOR 'user'@'localhost' = PASSWORD('1111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222333333333333333333333333333333333333333333333333334444444444444444444444444444444444444444444444444455555555555555555555555555555555555555555555555555123456');"

# 256 characters long password

mysql -u user -p1111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222333333333333333333333333333333333333333333333333334444444444444444444444444444444444444444444444444455555555555555555555555555555555555555555555555555123456

Comment 3 Joe Orton 2019-12-02 12:19:18 UTC
In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended.

New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection.

Customers are encouraged to upgrade to a later release.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/

Comment 4 Michal Schorm 2020-01-20 00:04:53 UTC
This issue still exists in MySQL 8.0 version

However, in MySQL 8.0 the 'sha256_password' authentication plugin has been deprecated in favor of 'caching_sha2_password', and it will be removed in a future MySQL version.

https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/sha256-pluggable-authentication.html

