Suppose that I have a test server with a large group of test accounts. The test accounts have unknown passwords which are hard-coded into the application’s reports and are stored encrypted in the mysql.users table.
Is there any option or hack which can be used to make mysql accept any text as the “correct” password for an account? For example:
Update mysql.user Set Password="*" where 1=1
Note: The above line wouldn’t work because it would literally set the password to “*” and not the wildcard character. However, I am looking for a way to create a mysql account which would accept anything as a valid password. This machine is disconnected from the network and I have full access to the mysql database…
Not really.
What you can do:
SET PASSWORD FOR Piskvor='hunter2'; FLUSH PRIVILEGES;
--skip-grant-tables option. This will allow any password, for any connection, with access to any database. Caveat: this is a major security hole – any user can modify the mysql database, including the users and passwords, while the server is running with this option.
(If you had full access to the database, but would not change existing passwords and/or could not modify server-process options, I’d suspect that something fishy was going on.)
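
An added example, not part of the original answer: a small audit that flags a MySQL option file which leaves --skip-grant-tables switched on, and whether the server is still reachable over the network while it is. It assumes the option is set in a my.cnf-style file under the [mysqld] or [server] group (it does not inspect the mysqld command line); the function names and sample configs are constructed for illustration.

```python
import re

# Option-file groups that mysqld reads (assumption: default group names only).
SERVER_GROUPS = {"mysqld", "server"}
FALSE_VALUES = {"0", "off", "false"}

def server_options(cnf_text):
    """Return {option: value} for the server groups of a my.cnf-style file."""
    opts, group = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue
        name, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as the same character.
        name = name.strip().lower().replace("_", "-")
        value = value.split("#", 1)[0].strip().strip("'\"").lower()
        opts[name] = value
    return opts

def enabled(opts, name):
    """A bare option (no '=value') or any value not in FALSE_VALUES counts as on."""
    return name in opts and opts[name] not in FALSE_VALUES

def audit(cnf_text):
    """Return findings about skip-grant-tables exposure; an empty list means clean."""
    opts = server_options(cnf_text)
    if not enabled(opts, "skip-grant-tables"):
        return []
    findings = ["skip-grant-tables is on: every connection gets full privileges"]
    local_only = enabled(opts, "skip-networking") or opts.get("bind-address") in (
        "127.0.0.1", "::1", "localhost")
    if not local_only:
        findings.append("no skip-networking or loopback bind-address: "
                        "the server is reachable over TCP without authentication")
    return findings

# Constructed sample configs, not taken from any real server.
EXPOSED = "[client]\nuser=root\n[mysqld]\nskip_grant_tables\nport = 3306\n"
LOCAL = "[mysqld]\nskip-grant-tables = ON\nskip-networking\n"
CLEAN = "[mysqld]\n# skip-grant-tables\nbind-address = 0.0.0.0\n"

if __name__ == "__main__":
    for label, cnf in (("exposed", EXPOSED), ("local", LOCAL), ("clean", CLEAN)):
        print(label, audit(cnf))
```

Running the audit against a test server's option file before it is reconnected to any network catches the case where the option was enabled for convenience and never removed.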