| VID |
25010 |
| Severity |
30 |
| Port |
3306 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The MySQL database is not password protected. Anyone can connect to it and do whatever he wants to your data deleting a database, adding bogus entries, ... |
| Recommendation |
Log into this host, and set a password for the root user through the command 'mysqladmin -u root password <newpassword>'. Read the MySQL manual (available on www.mysql.com) for details.
In addition to this, it is not recommended that you let your MySQL daemon listen to request from anywhere in the world. You should filter incoming connections to this port. |
| Related URL |
CVE-2002-1809 (CVE) |
| Related URL |
5503 (SecurityFocus) |
| Related URL |
9902 (ISS) |
|
