Hey guys
Just heard in the news today that phpMyAdmin has this default account that allows people to go in and hack you?
Anyone know what this default phpMyAdmin account is and how to disable it?
Thanks
It was in the radio. something about a default PMA account with a blank password.
It comes with, by default, a 'root' account with no password. Anyone with a decent level of common sense would either add a password or add a new account/delete the root.
It's called the default user. You need to set the password of course before doing anything else. Plus, if it isn't set, it'll display a message.
Umm wow
.
News, interesting it is.
phpMyAdmin doesn't have a default user... phpMyAdmin doesn't have any user!
It's only a nice frontend of MySQL and so it can only handle the MySQL users...
You can set passwords for MySQL without phpMyAdmin:
mysqladmin -u root -p password 'your_new_root_passwort'
If your using Xampp (apache, mysql etc in one)
it's a security vulnerability in phpMyAdmin
(2009-07-19, 11:02 AM)2KH Wrote: [ -> ]If your using Xampp (apache, mysql etc in one)
it's a security vulnerability in phpMyAdmin
I repeat: It's not a security vulnerability in phpMyAdmin! phpMyAdmin is only a frontend!!!