MySQL is an open-source, relational database management system.
You can connect to a MySQL server with a graphical client (e.g. MySQL Workbench, Navicat, HeidiSQL, DBeaver, Adminer, phpMyAdmin) or from the command line (e.g. bash, iTerm, PowerShell).
In some cases, the root or anonymous user is set up without a password and the MySQL service is exposed to the internet. In this case, people with malicious intent might connect to the database and access its data.
You can easily check for this with our free online MySQL Empty Password Vulnerability scanner tool. To do so, type your domain name in the form at the top of the page and start scanning.
Alternatively, run the following command with nmap, which can be installed on all operating systems:

nmap --script mysql-empty-password -p 3306 Target_Host

You can also use the mysql_login auxiliary module of the “Metasploit Framework” to check for the vulnerability.
Lastly, you can check manually. If your MySQL server is affected by this vulnerability, you will get a result similar to the following:

mysql -h 172.19.0.100 -u root -p
Enter password: // leave it blank
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.7.29-0ubuntu0.18.04.1 (Ubuntu)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

If your MySQL server is affected by this vulnerability, run the mysql_secure_installation command and follow the instructions.
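
To confirm the finding from the server side and fix individual accounts, the following SQL can be run as an administrative user. It is an added example, not part of the original page; it assumes MySQL 5.7.8 or later, and the account names and password in step 3 are placeholders to be replaced with the rows returned by step 1.

```sql
-- Added example: server-side audit for blank-password and anonymous accounts.
-- Assumes MySQL 5.7.8+ (mysql.user has authentication_string and account_locked).

-- 1. List accounts that accept a blank password, plus all anonymous accounts.
--    Accounts using the auth_socket plugin have an empty authentication_string
--    by design and only authenticate over the local Unix socket, so they are
--    excluded from the blank-password check.
SELECT user,
       host,
       plugin,
       account_locked,
       (user = '')                                      AS is_anonymous,
       (host NOT IN ('localhost', '127.0.0.1', '::1'))  AS remote_allowed
FROM mysql.user
WHERE user = ''
   OR ((authentication_string = '' OR authentication_string IS NULL)
       AND plugin <> 'auth_socket')
ORDER BY remote_allowed DESC, user, host;

-- 2. Check whether the server listens beyond the loopback interface.
--    A bind_address of * or 0.0.0.0 combined with rows from step 1 where
--    remote_allowed = 1 matches the exposure described above.
SHOW VARIABLES LIKE 'bind_address';
SHOW VARIABLES LIKE 'skip_networking';

-- 3. Remediate each row returned by step 1.
--    'root'@'localhost' and ''@'localhost' are placeholder accounts;
--    REPLACE_WITH_STRONG_PASSWORD is a placeholder value.
ALTER USER IF EXISTS 'root'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';
DROP USER IF EXISTS ''@'localhost';

-- 4. Re-run the query from step 1; it should now return no rows.
```

If the application does not need remote database access, setting bind-address to 127.0.0.1 in the server configuration and restarting MySQL removes the network exposure as well.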