phpMyAdmin -- bypass 'no password' restriction
The phpMyAdmin team reports:
A vulnerability was discovered where the restrictions
caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are
bypassed under certain PHP versions. This can allow the
login of users who have no password set even if the
administrator has set $cfg['Servers'][$i]['AllowNoPassword']
to false (which is also the default).
This behavior depends on the PHP version used (it seems
PHP 5 is affected, while PHP 7.0 is not).
We consider this vulnerability to be of moderate severity.
Set a password for all users.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright