2 files changed, 61 insertions, 0 deletions

diff --git a/mysql-test/t/change_user_notembedded.test b/mysql-test/t/change_user_notembedded.test
new file mode 100644
index 00000000000..bf5d1956cd5
--- /dev/null
+++ b/mysql-test/t/change_user_notembedded.test
@@ -0,0 +1,24 @@
+source include/not_embedded.inc;
+
+#
+# MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing
+#
+# only three failed change_user per connection.
+# successful change_user do NOT reset the counter
+#
+connect (test,localhost,root,,);
+connection test;
+--error 1045
+change_user foo,bar;
+--error 1045
+change_user foo;
+change_user;
+--error 1045
+change_user foo,bar;
+--error 1047
+change_user foo,bar;
+--error 1047
+change_user;
+disconnect test;
+connection default;
+
diff --git a/mysql-test/t/failed_auth_3909.test b/mysql-test/t/failed_auth_3909.test
new file mode 100644
index 00000000000..3179794d155
--- /dev/null
+++ b/mysql-test/t/failed_auth_3909.test
@@ -0,0 +1,37 @@
+source include/not_embedded.inc;
+
+#
+# MDEV-3909 remote user enumeration
+#
+# verify that for some failed login attemps (with wrong user names)
+# the server requests a plugin
+#
+optimize table mysql.user;
+insert mysql.user (user,plugin) values ('foo','bar'),('bar','bar'),('baz','bar');
+flush privileges;
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_PLUGIN_IS_NOT_LOADED
+connect (fail,localhost,u1);
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect (fail,localhost,u2);
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+connect (fail,localhost,u2,password);
+
+--error ER_PLUGIN_IS_NOT_LOADED
+change_user u1;
+
+--error ER_ACCESS_DENIED_ERROR
+change_user u2;
+
+--error ER_ACCESS_DENIED_ERROR
+change_user u2,password;
+
+delete from mysql.user where plugin = 'bar';
+flush privileges;
+
+