Problem description: a company vulnerability scan found accounts in the database with an empty user name and no password, and these accounts need to be remediated.

1. The first question: how did these empty user names come to exist, and why do they carry no password?

2. Can an account with this user name and password form be created by hand?

3. If such an account can be created, does that mean I can log in to the server without any user name or password?

4. How can accounts in this form be prevented?

An empty user name denotes an anonymous account. Can an anonymous account log in, and can the login omit the user name altogether? This leads to MySQL's anonymous accounts. In older MySQL releases (5.6 and earlier) a default installation created a root account with no password and an anonymous account (Anonymous Account) with neither user name nor password. Since 5.7, `mysqld --initialize` creates only 'root'@'localhost' (with a random, expired password) and no anonymous account, and `mysql_secure_installation` removes any anonymous accounts it finds; on an 8.0 server like the one tested below (8.0.22) an anonymous account was therefore added after initialization, by hand or carried over with the grant tables of an older instance. The following reproduces such an account, tests what it can do, and then removes it so that the instance is properly locked down.

mysql> create user ''@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host,authentication_string from mysql.user;
+------------------+-----------+------------------------------------------------------------------------+
| user             | host      | authentication_string                                                  |
+------------------+-----------+------------------------------------------------------------------------+
| employee_proxy   | %         | *DC6775B6D1F01EFD99CC191E929862480DAC2F7A                              |
| root             | %         | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| test01           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| tspmlf           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| username         | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
|                  | localhost |                                                                        |
| backuper         | localhost | *4DDFC2472B45DA20DB77FD7F3C19996CCCE35897                              |
| employee         | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root             | localhost | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| zabbix           | localhost | *C5A9E29672800EE5E1A1B0EA8C397728FD1660D8                              |
+------------------+-----------+------------------------------------------------------------------------+
13 rows in set (0.00 sec)

[mysql@rhel7 ~]$ /usr/local/mysql8/bin/mysql -u -p -hlocalhost -P33306 -S /data/mysql8/db_dxpt08/mysql.sock
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 8.0.22 MySQL Community Server - GPL

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

-- The test shows that the anonymous login gets straight into the database, with no password prompt, although the privileges once inside are restricted.
-- Note what the command line actually did: in `mysql -u -p ...` the client takes `-p` as the argument of `-u`, so it connected with the user name `-p` and no password. No account named `-p` exists, and the server fell through to ''@'localhost', whose empty user name matches any user name. That is why user() below reports the name the client sent (-p@localhost) while current_user() reports the account the server authenticated (@localhost).
-- The restriction is only because this account was created with the default USAGE privilege; whatever is granted to an anonymous account is available to anyone who can reach the socket or port. An anonymous row also shadows named accounts: the server orders rows by host specificity before user name, so 'test01'@'%' connecting from localhost is matched to ''@'localhost' instead of its own row, and its password check then fails against the wrong account.

mysql> show grants for ''@'localhost';
+--------------------------------------+
| Grants for @localhost                |
+--------------------------------------+
| GRANT USAGE ON *.* TO ``@`localhost` |
+--------------------------------------+
1 row in set (0.00 sec)

mysql> select current_user(),user();
+----------------+--------------+
| current_user() | user()       |
+----------------+--------------+
| @localhost     | -p@localhost |
+----------------+--------------+
1 row in set (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

mysql> select user,host from mysql.user;
ERROR 1142 (42000): SELECT command denied to user ''@'localhost' for table 'user'

-- With USAGE only, the anonymous session sees nothing but information_schema and cannot read the grant tables.
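The result above (user() says -p@localhost, current_user() says @localhost) is the server's account-matching rule at work. The following Python script, added here as an illustration and not part of the original post, simulates that rule over the accounts from the mysql.user table above: rows are ordered by host specificity, then by user name, and the first row matching the client's host and user name is the one the server authenticates against, with an empty user name matching any name. The ranking is a simplified model of the server's sort order (literal host, then wildcard pattern, then '%'), and the client host values passed in are assumptions.

```python
# Added example (not code from the original post): a simulation of how mysqld
# picks the mysql.user row for a new connection ("Access Control, Stage 1" in
# the MySQL manual). Rows are sorted by Host specificity first, then by User
# specificity, and the FIRST row that matches both the client's host and user
# name wins. A blank User matches ANY user name, which is why `mysql -u -p`
# (user name "-p", no password) was let in above as ''@'localhost'.
# The account list is taken from the post's mysql.user table; the ranking is a
# simplified model of the server's sort (literal host > wildcard pattern > '%').
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Account:
    user: str
    host: str

    def __str__(self) -> str:
        return f"'{self.user}'@'{self.host}'"


# Snapshot of the post's grant table, reduced to the user/host pairs.
ACCOUNTS: List[Account] = [
    Account("employee_proxy", "%"),
    Account("root", "%"),
    Account("test01", "%"),
    Account("tspmlf", "%"),
    Account("username", "%"),
    Account("", "localhost"),           # the anonymous account under test
    Account("backuper", "localhost"),
    Account("employee", "localhost"),
    Account("root", "localhost"),
    Account("zabbix", "localhost"),
]


def host_rank(host: str) -> int:
    """Lower = more specific. An empty Host is equivalent to '%' in mysql.user."""
    if host in ("", "%"):
        return 2                        # matches every client host
    if "%" in host or "_" in host:
        return 1                        # LIKE-style pattern, e.g. '192.168.%'
    return 0                            # literal host name or IP address


def host_matches(pattern: str, client_host: str) -> bool:
    """mysql.user.Host uses LIKE semantics: '%' is any run, '_' one character."""
    if pattern in ("", "%"):
        return True
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client_host) is not None


def match_account(accounts: Iterable[Account], client_user: str,
                  client_host: str) -> Optional[Account]:
    """Return the row the server would authenticate against, or None when no
    row matches at all (the plain 'Access denied' case)."""
    # Named users sort before the blank user within the same host rank.
    ordered = sorted(accounts, key=lambda a: (host_rank(a.host), a.user == ""))
    for acct in ordered:
        if host_matches(acct.host, client_host) and acct.user in ("", client_user):
            return acct
    return None


def without_anonymous(accounts: Iterable[Account]) -> List[Account]:
    """The grant table after DROP USER ''@'<host>' for every anonymous row."""
    return [a for a in accounts if a.user != ""]


if __name__ == "__main__":
    # What the post observed: user() = -p@localhost, current_user() = @localhost
    print("-p from localhost     ->", match_account(ACCOUNTS, "-p", "localhost"))
    # The pitfall: 'test01'@'%' connecting locally is shadowed by ''@'localhost'
    print("test01 from localhost ->", match_account(ACCOUNTS, "test01", "localhost"))
    clean = without_anonymous(ACCOUNTS)
    print("test01, anon dropped  ->", match_account(clean, "test01", "localhost"))
    print("-p, anon dropped      ->", match_account(clean, "-p", "localhost"))
```

Running it shows three things the transcript only hints at: the `-p` connection lands on the anonymous row; a legitimate remote-style account such as 'test01'@'%' is hijacked by the anonymous row when it connects from localhost; and once the anonymous row is dropped, `-p` gets no row at all (access denied) while test01 matches its own account again.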

How to remediate: remove the account.

-- Method 1: DROP USER ''@'localhost' (the supported way; one statement per user/host pair)

mysql> select user,host,authentication_string from mysql.user;
+------------------+-----------+------------------------------------------------------------------------+
| user             | host      | authentication_string                                                  |
+------------------+-----------+------------------------------------------------------------------------+
| employee_proxy   | %         | *DC6775B6D1F01EFD99CC191E929862480DAC2F7A                              |
| root             | %         | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| test01           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| tspmlf           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| username         | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
|                  | localhost |                                                                        |
| backuper         | localhost | *4DDFC2472B45DA20DB77FD7F3C19996CCCE35897                              |
| employee         | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root             | localhost | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| zabbix           | localhost | *C5A9E29672800EE5E1A1B0EA8C397728FD1660D8                              |
+------------------+-----------+------------------------------------------------------------------------+
13 rows in set (0.00 sec)

mysql> drop user ''@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from mysql.user;
+------------------+-----------+------------------------------------------------------------------------+
| user             | host      | authentication_string                                                  |
+------------------+-----------+------------------------------------------------------------------------+
| employee_proxy   | %         | *DC6775B6D1F01EFD99CC191E929862480DAC2F7A                              |
| root             | %         | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| test01           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| tspmlf           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| username         | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| backuper         | localhost | *4DDFC2472B45DA20DB77FD7F3C19996CCCE35897                              |
| employee         | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root             | localhost | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| zabbix           | localhost | *C5A9E29672800EE5E1A1B0EA8C397728FD1660D8                              |
+------------------+-----------+------------------------------------------------------------------------+
12 rows in set (0.00 sec)

-- FLUSH PRIVILEGES is not needed after DROP USER: account-management statements update the server's privilege cache themselves. It is only required when the grant tables are edited directly, as with the DELETE FROM mysql.user approach below.

-- Method 2: delete from mysql.user where user='';  (direct DML on the grant table: it removes every anonymous row at once, whatever its host, but the server does not see the change until FLUSH PRIVILEGES, and MySQL discourages editing the grant tables directly; prefer DROP USER for each row, e.g. DROP USER ''@'localhost', ''@'127.0.0.1';)

mysql> create user ''@'127.0.0.1';
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from mysql.user;
+------------------+-----------+------------------------------------------------------------------------+
| user             | host      | authentication_string                                                  |
+------------------+-----------+------------------------------------------------------------------------+
| employee_proxy   | %         | *DC6775B6D1F01EFD99CC191E929862480DAC2F7A                              |
| root             | %         | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| test01           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| tspmlf           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| username         | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
|                  | 127.0.0.1 |                                                                        |
| backuper         | localhost | *4DDFC2472B45DA20DB77FD7F3C19996CCCE35897                              |
| employee         | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root             | localhost | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| zabbix           | localhost | *C5A9E29672800EE5E1A1B0EA8C397728FD1660D8                              |
+------------------+-----------+------------------------------------------------------------------------+
13 rows in set (0.00 sec)

mysql> delete from mysql.user where user='';
Query OK, 1 row affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host,authentication_string from mysql.user;
+------------------+-----------+------------------------------------------------------------------------+
| user             | host      | authentication_string                                                  |
+------------------+-----------+------------------------------------------------------------------------+
| employee_proxy   | %         | *DC6775B6D1F01EFD99CC191E929862480DAC2F7A                              |
| root             | %         | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| test01           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| tspmlf           | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| username         | %         | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257                              |
| backuper         | localhost | *4DDFC2472B45DA20DB77FD7F3C19996CCCE35897                              |
| employee         | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root             | localhost | *858D7135C67CFFAEE40C01A38AB99018DBB245A7                              |
| zabbix           | localhost | *C5A9E29672800EE5E1A1B0EA8C397728FD1660D8                              |
+------------------+-----------+------------------------------------------------------------------------+
12 rows in set (0.00 sec)

Anonymous accounts are typically left over from a freshly set-up instance, kept as a convenience so that a forgotten password does not lock everyone out. If they are not cleaned up promptly they turn into a finding on the vulnerability scan; `mysql_secure_installation` removes them on a new install, and a periodic check of mysql.user for empty user names and empty authentication strings catches any that appear later.
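To find what the scanner found, and to catch any anonymous or passwordless account that reappears, the following Python script (an added example, not from the original post) audits a snapshot of mysql.user and generates the remediation statements; AUDIT_SQL is the equivalent live query. The `plugin` and `account_locked` columns are taken from the MySQL 8.0 grant-table schema rather than from the post, which only shows user, host and authentication_string, and the 'app'@'%' row is constructed to show an unlocked account that was created without a password.

```python
# Added example (not code from the original post): offline audit of a
# mysql.user snapshot for the two findings a scanner reports on this page,
# anonymous accounts and accounts with no password, plus the statements that
# fix them. The rows mirror the post's table; `plugin` and `account_locked`
# are assumed from the 8.0 schema, and the 'app'@'%' row is constructed.
from typing import Dict, List, Tuple

Row = Dict[str, str]

# Equivalent live query. A row is a finding if it is anonymous, or if it has an
# empty authentication_string while being able to log in: auth_socket accounts
# are legitimately empty (they authenticate by the OS user on the Unix socket),
# and locked rows such as mysql.sys carry an invalid hash and cannot log in.
AUDIT_SQL = """
SELECT user, host, plugin, authentication_string, account_locked
  FROM mysql.user
 WHERE user = ''
    OR (authentication_string = ''
        AND plugin <> 'auth_socket'
        AND account_locked = 'N')
 ORDER BY host, user;
"""

INVALID_HASH = "$A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED"


def row(user: str, host: str, auth: str, plugin: str = "mysql_native_password",
        locked: str = "N") -> Row:
    return {"user": user, "host": host, "plugin": plugin,
            "authentication_string": auth, "account_locked": locked}


# Snapshot of the post's grant table (hashes as printed there).
MYSQL_USER: List[Row] = [
    row("employee_proxy", "%", "*DC6775B6D1F01EFD99CC191E929862480DAC2F7A"),
    row("root", "%", "*858D7135C67CFFAEE40C01A38AB99018DBB245A7"),
    row("test01", "%", "*23AE809DDACAF96AF0FD78ED04B6A265E05AA257"),
    row("", "localhost", ""),                                   # anonymous, no password
    row("backuper", "localhost", "*4DDFC2472B45DA20DB77FD7F3C19996CCCE35897"),
    row("mysql.sys", "localhost", INVALID_HASH, "caching_sha2_password", "Y"),
    row("root", "localhost", "*858D7135C67CFFAEE40C01A38AB99018DBB245A7"),
    row("zabbix", "localhost", "*C5A9E29672800EE5E1A1B0EA8C397728FD1660D8"),
    row("app", "%", "", "caching_sha2_password"),               # constructed: CREATE USER without IDENTIFIED BY
]


def quote(s: str) -> str:
    """Single-quoted SQL literal; '' is the valid spelling of the anonymous user."""
    return "'" + s.replace("'", "''") + "'"


def has_no_password(r: Row) -> bool:
    return (r["authentication_string"] == ""
            and r["plugin"] != "auth_socket"
            and r["account_locked"] == "N")


def audit_accounts(rows: List[Row]) -> List[Tuple[str, str]]:
    """(account, finding) pairs in the order AUDIT_SQL would return them."""
    findings = []
    for r in sorted(rows, key=lambda r: (r["host"], r["user"])):
        name = f"{quote(r['user'])}@{quote(r['host'])}"
        if r["user"] == "":
            findings.append((name, "anonymous account"))
        if has_no_password(r):
            findings.append((name, "no password"))
    return findings


def remediation_sql(rows: List[Row]) -> List[str]:
    """DROP every anonymous row (whatever its host) and lock the remaining
    passwordless accounts until an owner sets a password. DROP USER and
    ALTER USER refresh the privilege cache themselves: no FLUSH PRIVILEGES."""
    stmts, dropped = [], set()
    for name, finding in audit_accounts(rows):
        if finding == "anonymous account":
            stmts.append(f"DROP USER IF EXISTS {name};")
            dropped.add(name)
        elif name not in dropped:
            stmts.append(f"ALTER USER {name} ACCOUNT LOCK;")
    return stmts


if __name__ == "__main__":
    for account, finding in audit_accounts(MYSQL_USER):
        print(f"{account:<22} {finding}")
    print("\n".join(remediation_sql(MYSQL_USER)))
```

Against the post's table the audit reports exactly ''@'localhost' (twice: anonymous, and no password) plus the constructed 'app'@'%', and emits one DROP USER and one ACCOUNT LOCK; the system accounts with the invalid hash are correctly left alone.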
