AnsweredAssumed Answered

Additional info on Qid 19071- MySQL Unauthenticated Null User Vulnerability

Question asked by Bruno DE OLIVEIRA on Sep 8, 2016
Latest reply on Jun 15, 2018 by DMFezzaReed



I would like to know if I could have more information on this vulnerability, since I can't find more information online.


In the knowledgebase, it is stated that an attacker can use this vulnerability to connect to a vulnerable database to extract data without using an username or a password.

However, the solution advise adding strong passwords. What I dont understand is, if the attacker don't use any password to connect, isn't that solution pointless?


Can I get more information on how this vulnerability works or how to fix it?