Unprotected phpMyAdmin interface

Description
  • phpMyAdmin is an application written in the PHP language that provides a web-based interface for the administration of MySQL databases. The initial MySQL root account password is empty, so anyone can connect to the MySQL server as root, without a password and be granted all privileges.
Remediation
  • If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To setup root password for first time, use the mysqladmin tool. Check References for detailed information.
References