MySQLERRORNotableSecurityHIGH confidence

Anonymous users cannot change passwords

Q: How to fix MySQL 1131 Anonymous users cannot change passwords?

Remove anonymous accounts and run mysql_secure_installation: Removing anonymous accounts forces all connections to authenticate with a named user, eliminating this error entirely.

Production Risk

High — indicates anonymous accounts exist, which is a security vulnerability.

What this means

ER_PASSWORD_ANONYMOUS_USER (1131, SQLSTATE HY000) is raised when an anonymous MySQL user (connected without a username) attempts to change a password. Anonymous accounts should not exist in production.

Why it happens

1Server was installed without running mysql_secure_installation
2Anonymous account exists in the mysql.user table
3Client connected without supplying a username

How to reproduce

trigger — this will error

-- Connected as anonymous user:
SET PASSWORD = PASSWORD('newpass');

expected output

ERROR 1131 (HY000): You are using MySQL as an anonymous user and anonymous users are not allowed to change passwords

Fix

Remove anonymous accounts and run mysql_secure_installation

WHEN Anonymous accounts exist on the server.

Remove anonymous accounts and run mysql_secure_installation

DELETE FROM mysql.user WHERE User = '';
FLUSH PRIVILEGES;

Why this works

Removing anonymous accounts forces all connections to authenticate with a named user, eliminating this error entirely.

What not to do

✕ Allow anonymous MySQL users in production

Anonymous accounts are a serious security risk; any client can connect without authentication.

Sources

Official documentation ↗

MySQL 8.0 — 1131 ER_PASSWORD_ANONYMOUS_USER

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMySQL Error Numbers

Code1131

ClassSecurity

SeverityERROR

TierNotable

ConfidenceHIGH