I'm running MySQL 3.23.41, and Nessus claims that it's running without any passwords.
Well I checked the error logfile, and sure enough, it logs rejecting connections from nessusd (as user root@ip_of_nessusd) - so I don't know where it got that erroneous opinion from! :-) To confirm this, there was an empty listing of databases returned. It looks like the plugin is looking for the precise error message [and not finding it - maybe that's version dependant?] - maybe it should look for a success instead? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
