In short, if you try to authenticate to a MySQL server affected by this flaw, there is a chance it will accept your password even if the wrong one was supplied. The following one-liner in bash will provide access to an affected MySQL server as the root user account, without actually knowing the password.
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Don’t try this at home. Or if you try it, don’t tell anyone the result.
Original title and link: A Tragically Comedic Security Flaw in MySQL ( ©myNoSQL)