The Uniform Server Community

UniServer 5.6.2-Nano




This release of Uniform Server is a security update.

Although there have been no reported security breaches, a potential window of opportunity has been found.

Versions affected: all Mona and Nano series.



When changing the MySQL root password, “localhost” is correctly updated; however, host “” remains unchanged. This is undesirable and should be rectified straight away.



The solution is to download the latest version of Uniform Server. However, this may be inconvenient. Existing installations are easily upgradeable as follows:


1] Edit file: UniServer\home\admin\www\mqsetup.php

Locate this code:

// Create query string (not sure if you need to flush privs)
$query = 'SET PASSWORD FOR \'root\'@\'localhost\' = PASSWORD(\'' . $nwpass . '\')';
$result = mysql_query($query);

Just below it add the following code:

// Create query string
$query = 'SET PASSWORD FOR \'root\'@\'\' = PASSWORD(\'' . $nwpass . '\')';
$result = mysql_query($query);


2] Start servers

3] From Unitray run restore MySQL password (root, name and password both restored to root)

4] From Apanel set a new MySQL root password or use the one you previously set.


Apologies for any inconvenience caused


Download 5.6.2-Nano



The Uniform Server Development Team :)
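The announcement above describes a password change that reaches one root host entry and leaves another untouched. The following check is an added example, not part of the original post or of Uniform Server: it audits rows as returned by SELECT User, Host, Password FROM mysql.user, assuming MySQL 4.1+ style password hashes. The sample rows and the host name host-b.example are constructed.

```python
import hashlib
from collections import defaultdict


def mysql41_hash(password: str) -> str:
    """Hash in the format PASSWORD() yields on MySQL 4.1+: '*' + hex(SHA1(SHA1(pw)))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def audit_accounts(rows, default_passwords=("root",)):
    """rows: iterable of (user, host, password_hash) taken from mysql.user.

    Flags host entries with an empty or known-default password, and users
    whose password differs between host entries (host reported as '*').
    "root" is the restore default named in the post.
    """
    defaults = {mysql41_hash(p) for p in default_passwords}
    by_user = defaultdict(dict)
    for user, host, pw_hash in rows:
        by_user[user][host] = pw_hash

    findings = []
    for user, hosts in by_user.items():
        for host, pw_hash in hosts.items():
            if pw_hash == "":
                findings.append((user, host, "empty password"))
            elif pw_hash in defaults:
                findings.append((user, host, "default password"))
        if len(set(hosts.values())) > 1:
            findings.append((user, "*", "password differs between host entries"))
    return sorted(findings)


# Constructed sample: root@localhost was changed, the second root entry was not.
SAMPLE_ROWS = [
    ("root", "localhost", mysql41_hash("N3w-Str0ng-Pass")),
    ("root", "host-b.example", mysql41_hash("root")),
    ("app", "localhost", mysql41_hash("app-secret")),
]

if __name__ == "__main__":
    for user, host, finding in audit_accounts(SAMPLE_ROWS):
        print(f"{user}@{host}: {finding}")
```

Running the same audit after the fix and a fresh password change should return no findings for root.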


“It takes a brave man to admit to a security issue and do it publicly”.

Well I have no issues with that. Seems he thought it a good idea to either ignore it or brush it under the carpet.


No! Never been my way; if there is a potential security issue, it is already a security matter that should be addressed.


“User report, shortened version;”


The above came to light while testing Z-Con. After creating a restricted user, started testing with MySQL command prompt for accessibility, this was using host and password.


Access denied, using password. However using localhost and password was fine.


Reproducible and confirmed, hence reason for a security update. :)


It appears no one has ever tested this particular scenario hence the issue has never come to light.


Just thought you would like some background to this issue.


All the best

Ric :)
