Error
Error Code:
3893
MySQL Error 3893: Current Password Not Required
Description
This error occurs when an administrator or a privileged user attempts to change another user's password in MySQL, but mistakenly includes the current password as part of the `ALTER USER` or `SET PASSWORD` statement. MySQL expects only the new password for other users, as the current password is not needed for authentication in this specific context.
Error Message
Do not specify the current password while changing it for other users.
Known Causes
3 known causesIncorrect Syntax for ALTER USER
The `ALTER USER` or `SET PASSWORD` statement was used with a clause specifying the current password when modifying an account other than the one currently logged in.
Misunderstanding Password Change Scope
The user performing the action incorrectly applied syntax typically used for changing their own password (which requires the current password) to another user's account.
Redundant Current Password Clause
An unnecessary `IDENTIFIED BY 'current_password'` clause was included in the command, which is only relevant when a user changes their own password.
Solutions
3 solutions available1. Remove Current Password from ALTER USER Statement easy
Correctly modify user passwords by excluding the current password when changing it for others.
1
When you are logged in as a privileged user (e.g., root) and need to change the password for another user, do not include the `IDENTIFIED BY CURRENT PASSWORD` clause. This clause is intended for when a user is changing their own password and provides their current password for verification.
ALTER USER 'other_user'@'localhost' IDENTIFIED BY 'new_strong_password';2
Ensure you are using the `ALTER USER` statement with the correct syntax for changing another user's password. The `IDENTIFIED BY` clause followed by the new password is the standard and correct method.
ALTER USER 'another_user'@'%' IDENTIFIED BY 'a_different_password';2. User Self-Password Change with Current Password easy
Allow users to reset their own passwords by correctly using the current password.
1
If a user needs to change their *own* password, they can use the `IDENTIFIED BY CURRENT PASSWORD` clause. This is the only scenario where specifying the current password is appropriate.
ALTER USER CURRENT_USER() IDENTIFIED BY 'new_password_for_self';
-- Or if the user knows their own current password:
ALTER USER CURRENT_USER() IDENTIFIED BY 'new_password_for_self' CURRENT PASSWORD;2
The `CURRENT_USER()` function in MySQL refers to the user who is currently executing the statement. When used with `ALTER USER`, it allows that specific user to modify their own credentials.
SELECT CURRENT_USER(); -- This will show the user executing the query
ALTER USER CURRENT_USER() IDENTIFIED BY 'my_new_secure_password';3. Review and Correct Privileged User Scripts medium
Audit and update administrative scripts that manage user accounts to prevent this error.
1
Identify any scripts or stored procedures that are used by database administrators to manage user accounts. These scripts might be inadvertently including the `CURRENT PASSWORD` clause when changing passwords for other users.
2
Examine the `ALTER USER` statements within these scripts. If a script is intended to change the password for a user other than the one executing the script, ensure the `CURRENT PASSWORD` clause is removed.
SELECT * FROM mysql.user WHERE User = 'user_to_check'; -- To verify user details
-- Example of a problematic line in a script:
-- ALTER USER 'admin_user'@'localhost' IDENTIFIED BY 'new_pwd' CURRENT PASSWORD;
-- Corrected line:
ALTER USER 'admin_user'@'localhost' IDENTIFIED BY 'new_pwd';3
Test the corrected scripts thoroughly in a staging or development environment before deploying them to production to ensure they function as intended without raising error 3893.