How to fix MySQL 2015 Anonymous user cannot use password?

Remove anonymous user accounts instead of setting a password: Removing anonymous accounts is the correct security hardening approach.

2015

MySQLERRORCommonAuthenticationHIGH confidence

Anonymous user cannot use password

Production Risk

Low — security hardening operation fails; anonymous accounts may remain.

What this means

An attempt was made to assign a password to the anonymous user account (''@'localhost' or ''@'%'), which is not permitted. Anonymous users cannot have passwords in MySQL.

Why it happens

1Running SET PASSWORD FOR ''@'localhost' = ...
2Installation script attempting to secure anonymous accounts by setting a password.

How to reproduce

trigger — this will error

SET PASSWORD FOR ''@'localhost' = PASSWORD('secret');

expected output

ERROR 2015 (HY000): You must have privileges to update tables in the mysql database to change root password.

Fix

Remove anonymous user accounts instead of setting a password

DROP USER ''@'localhost';
DROP USER ''@'';

Why this works

Removing anonymous accounts is the correct security hardening approach.

What not to do

Sources

Official documentation ↗

MySQL 8.0 — 2015 ER_PASSWORD_ANONYMOUS_USER

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMySQL Error Numbers

Code2015

ClassAuthentication

SeverityERROR

TierCommon

ConfidenceHIGH