I have a MySQL server on my Linux box for which I have changed the root password as follows:

    mysqladmin -u root -p password <newpassword>

I have checked that I must use the password to gain access to the server locally. Also, telnetting into the server produces the following results:

    telnet ns1 3306
    Trying 207.70.162.2...
    Connected to ns1.
    Escape character is '^]'.
    GHost '207.70.162.210' is not allowed to connect to this MySQL serverConnection closed by foreign host.

Nessus, however, STILL finds the security hole shown below. I have tried updating the plugins, but the message still persists. I think I am missing something obvious here, but please could someone point me in the right direction?

TIA,
Dave.

Vulnerability found on port mysql (3306/tcp) :

    Your MySQL database is not password protected.

    Anyone can connect to it and do whatever he wants to your data
    (deleting a database, adding bogus entries, ...)
    We could collect the list of databases installed on the remote host :

    . 0

    Solution : Log into this host, and set a password for the root user
    through the command 'mysql -u root password <newpassword>'
    Read the MySQL manual (available on www.mysql.com ) for details.
    In addition to this, it is not recommanded that you let your MySQL
    daemon listen to request from anywhere in the world. You should filter
    incoming connections to this port.
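The telnet output in the post above can be read as a MySQL wire packet: the server's first packet is either a greeting (authentication follows) or an ERR packet such as error 1130, which refuses the client address before any password is asked for. The following is an added example, not part of the original post or of Nessus; the sample packets are constructed from the message text in the post, and `parse_first_packet` and `build_packet` are hypothetical helper names.

```python
import struct

ER_HOST_NOT_PRIVILEGED = 1130  # server error code for "Host ... is not allowed to connect"

def parse_first_packet(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends after the TCP connect."""
    if len(data) < 5:
        raise ValueError("need a 4-byte header and at least one payload byte")
    length = int.from_bytes(data[:3], "little")   # 3-byte little-endian payload length
    payload = data[4:4 + length]                  # data[3] is the sequence number
    if length == 0 or len(payload) < length:
        raise ValueError("truncated packet")
    if payload[0] == 0xFF:                        # ERR packet: refused before any login
        if length < 3:
            raise ValueError("ERR packet too short")
        errno = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":                       # optional '#' + 5-byte SQLSTATE marker
            msg = msg[6:]
        return {"kind": "error", "errno": errno,
                "host_acl_reject": errno == ER_HOST_NOT_PRIVILEGED,
                "message": msg.decode("latin-1")}
    # Otherwise a greeting: protocol version byte, then NUL-terminated server version.
    version, _, _ = payload[1:].partition(b"\x00")
    return {"kind": "handshake", "protocol": payload[0],
            "server_version": version.decode("latin-1")}

def build_packet(payload: bytes, seq: int = 0) -> bytes:
    """Frame a payload the way the server does (used for the constructed samples)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample 1: the rejection text from the telnet session, as an ERR packet.
# Its payload is 71 bytes, so the first byte on the wire is 0x47, the 'G' telnet shows.
REJECT_TEXT = b"Host '207.70.162.210' is not allowed to connect to this MySQL server"
SAMPLE_REJECT = build_packet(
    b"\xff" + struct.pack("<H", ER_HOST_NOT_PRIVILEGED) + REJECT_TEXT)

# Constructed sample 2: a greeting with a made-up version string and filler bytes.
SAMPLE_GREETING = build_packet(
    b"\x0a" + b"0.0.0-constructed\x00" + b"\x01\x00\x00\x00" + b"saltsalt\x00")

if __name__ == "__main__":
    for name, pkt in (("reject", SAMPLE_REJECT), ("greeting", SAMPLE_GREETING)):
        print(name, hex(pkt[0]), parse_first_packet(pkt))
```

A `host_acl_reject` result only describes the address the bytes were captured from; a capture taken from the scanner's own address shows whether that host gets the same rejection or a greeting.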
