MDEV-28838 password_reuse_check plugin mixes username and password

To prevent the problem of mixing user name and password and host name and user name we add length of the hostname and user name to the hash.
2025-07-27 18:02:13 +03:00 · 2022-06-29 14:56:10 +02:00
parent c12192b1c6
commit a5f78505d7
3 changed files with 77 additions and 9 deletions
--- a/mysql-test/suite/plugins/t/password_reuse_check.test
+++ b/mysql-test/suite/plugins/t/password_reuse_check.test
@ -69,5 +69,32 @@ set global password_reuse_check_interval= 10;
 grant select on *.* to user_name@localhost identified by 'test_pwd';
 show warnings;

+drop table mysql.password_reuse_check_history;
+
+--echo #
+--echo # MDEV-28838: password_reuse_check plugin mixes username and password
+--echo #
+
+grant select on *.* to user_name@localhost identified by 'test_pwd';
+
+grant select on *.* to user_nam@localhost identified by 'etest_pwd';
+show warnings;
+
+drop user user_name@localhost;
+drop user user_nam@localhost;
+drop table mysql.password_reuse_check_history;
+
+grant select on *.* to user_name@localhost identified by 'test_pwd';
+
+grant select on *.* to tuser_name@localhos identified by 'test_pwd';
+show warnings;
+
+drop user user_name@localhost;
+drop user tuser_name@localhos;
+
+--echo #
+--echo # End of 10.7 tests
+--echo #
+
 drop table mysql.password_reuse_check_history;
 uninstall plugin password_reuse_check;