AnsweredAssumed Answered

Additional info on Qid 19071- MySQL Unauthenticated Null User Vulnerability

Question asked by Bruno DE OLIVEIRA on Sep 8, 2016

Hello,

 

I would like to know if I could have more information on this vulnerability, since I can't find more information online.

 

In the knowledgebase, it is stated that an attacker can use this vulnerability to connect to a vulnerable database to extract data without using an username or a password.

However, the solution advise adding strong passwords. What I dont understand is, if the attacker don't use any password to connect, isn't that solution pointless?

 

Can I get more information on how this vulnerability works or how to fix it?

Outcomes