MySQL 4.1.x < 4.1.3 and 5.0 - Unauthenticated Authentication Bypass via Zero-Length Scrambled String
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.