After exploiting the vulnerability, the module copies the MySQL server’s master user table, which contains all password hashes.

Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems.

I am wondering what the best way would be to let a low end user reset passwords for people? This will be a librarian type person who needs to be able to reset passwords for students but shouldn't ...

Security flaw in MySQL, MariaDB allows access with any password—just keep submitting it The flaw, patched in both databases, leaves some versions wide open to attackers ...