Score:1

Reset mysql user password using hashed password

jp flag

On a mysql server, I made a mistake and changed the wrong user's password, like this:

SET PASSWORD FOR username@'10.1.%' = PASSWORD('newpassword');

Before changing the password, I used "SHOW GRANTS FOR username@'10.1.%'" and noted the password hash displayed. How can I used the hashed password to reset the current password back to the original? I tried using the same "SET PASSWORD" command with the hash as 'newpassword' but it looks like that literally made the hash the new password.

Score:1
in flag

If you check manual of MySQL you will see you can use command:

SET PASSWORD FOR username@'10.1.%' = 'hashed_password';
L.Ray avatar
jp flag
I tried this. After using this command, "SHOW GRANTS" command shows a different hashed password from the original. Why is this so? I believe this command is making the hashed password the actual password.
Romeo Ninov avatar
in flag
@L.Ray, you can try the things from the end of the link.
Score:0
in flag

It looks like you are using MySQL 5.6. Here is the process in that version:

Original password when creating user

create user username@'10.1.%' identified by 'password';
show grants for username@'10.1.%';

output:

GRANT USAGE ON *.* TO 'username'@'10.1.%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'

Changing password

set password for username@'10.1.%' = PASSWORD('newpassword');
show grants for username@'10.1.%';

output:

GRANT USAGE ON *.* TO 'username'@'10.1.%' IDENTIFIED BY PASSWORD '*FE4F2D624C07AAEBB979DA5C980D0250C37D8F63'

Reverting password

set password for username@'10.1.%' = '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19';
show grants for username@'10.1.%';

output:

GRANT USAGE ON *.* TO 'username'@'10.1.%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'

Can you check that you are using the entire hashed password? One mistake I've seen is not including the leading asterisk.

L.Ray avatar
jp flag
The problem was I was using "password = ('newpassword')" instead of just placing the new password in single quotes after the "=" sign. Thanks for your help.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.