this morning I opened the computer, saw an amazing thread:http://s.seclists.org/oss-sec/2012/q2/493MySQL broke a lot of security vulnerabilities in seclists, affecting almost all version 5.1 to 5.5. The module of the problem is the part of the password check (password.c) that is logged on, and in the case of a user name (such as root), it is possible to log in again and again (about 256 times). However, MySQL authentication is the use of 3 tuple, username, IP, password. If the client IP in the mysql.user table can not find the corresponding, can not log.
this BUG was actually discovered as early as April, and in May 7th of this year, when MySQL released 5.5.24, the BUG was fixed.
the problem code is as follows:
Check that scrambled message corresponds /*