Is it possible that zimbra mysql leaves the mysql root password empty?

[rainer_d]

Hi,

I was looking through our DB (we would like to monitor MySQL status) and I found:

Code:

mysql> select Host,User,Password from user ;
+-----------------------------+--------+-----------------------------+
| Host                        | User   | Password                    |
+-----------------------------+--------+-----------------------------+
| localhost                   | root   | *hash                       | 
| zcs-be1.ewmail.everyware.ch | root   |                             | 
| 127.0.0.1                   | root   |                             | 
| localhost                   |        |                             | 
| zcs-be1.ewmail.everyware.ch |        |                             | 
| %                           | zimbra | *another*hash               | 
| localhost                   | zimbra | *another*hash               | 
| localhost.localdomain       | zimbra | *another*hash               | 
| localhost.localdomain       | root   |                             | 
+-----------------------------+--------+-----------------------------+
9 rows in set (0.00 sec)

Shouldn't a password for root be set universally?
While a local user is needed to really exploit this, I still consider it to be "sub-optimal" ;-)



Rainer

[uxbod]

Yes but it is root that is null ... If somebody gains access to your server as root that would be the least of my worries