Topic: Danger: MySQL root password - BIG SECURITY ISSUE

Danger: MySQL root password - BIG SECURITY ISSUE
« on: September 03, 2025, 05:07:10 AM »
Hi guys
I just installed a fresh CWPpro on AlmaLinux 8.10, and every night between 2am-3am I've got the notification "Danger: MySQL root password - BIG SECURITY ISSUE - MySQL root login with any password is possible !!!"

Has anyone encountered a similar problem?

Distro Name: AlmaLinux release 8.10 (Cerulean Leopard)
MySQL version: 10.11.14-MariaDB

links to screenshots:
https://drive.google.com/file/d/1uM-Nrgu6p4lCQUPzPPJYUdRju1FkcTHn/view?usp=drive_link
https://drive.google.com/file/d/15sCExe3_o5g-TU9P6ku8AfzmqI0EEOSU/view?usp=drive_link
« Last Edit: September 03, 2025, 05:09:50 AM by dario68 »

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #2 on: September 03, 2025, 04:53:23 PM »
Yes, that was the first thing I did.

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #3 on: September 03, 2025, 07:00:53 PM »
That almost looks like MariaDB was installed before CWP.
Which will work, but then CWP skips the MariaDB configuration, and just creates its needed databases.

I have NEVER gotten that message on any CWP installation I've done back on AlmaLinux 8 or AlmaLinux 9.

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #4 on: September 03, 2025, 07:17:59 PM »
Did you try resetting the MariaDB root p/w to something secure?
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password

Make sure CWP knows about the new p/w -- it should be set in these two files:
/usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
/root/.my.cnf
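
An added example, not part of the thread and not CWP's own check: a local probe that tries a root login with a throwaway wrong password over the socket and over TCP, to confirm what the nightly alert reports and to re-check after a password reset. On MariaDB 10.4 and later, a root@localhost account that allows unix_socket authentication lets the OS root user in over the socket whatever password is supplied, so the two paths are reported separately. The MYSQL_BIN override and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: does the local MariaDB accept a root login with a wrong password?
# Assumptions: the mysql client is on PATH; run as the OS root user on the DB host.

MYSQL_BIN="${MYSQL_BIN:-mysql}"   # client binary; the override is an assumption
# Throwaway password; -p on the command line takes precedence over /root/.my.cnf.
WRONG_PW="probe-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"

# probe_root LABEL [client args...]
# Prints "<label>: accepted", "<label>: rejected" or "<label>: unreachable".
probe_root() {
    local label="$1" err
    shift
    if err=$("$MYSQL_BIN" -u root "-p$WRONG_PW" "$@" -e 'SELECT 1' 2>&1 >/dev/null); then
        echo "$label: accepted"       # root got in with a wrong password
    elif printf '%s' "$err" | grep -q 'Access denied'; then
        echo "$label: rejected"       # ERROR 1045/1698: authentication enforced
    else
        echo "$label: unreachable"    # connection problem, not an auth verdict
    fi
}

# Probes both paths; the return code is the number of paths that accepted.
main() {
    local findings=0 line
    for line in \
        "$(probe_root 'unix socket' --protocol=socket)" \
        "$(probe_root 'tcp 127.0.0.1' --protocol=tcp -h 127.0.0.1)"; do
        echo "$line"
        case "$line" in *accepted) findings=$((findings + 1)) ;; esac
    done
    return "$findings"
}

# Run the probes only when called with the argument "run".
if [ "${1:-}" = "run" ]; then main; fi
```

An "accepted" result on the TCP path means the password itself is not being enforced; "accepted" on the socket path alone is consistent with socket authentication for the OS root user.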

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #5 on: September 05, 2025, 06:32:03 AM »
Thank you guys for the reply.

@Starburst - the installation procedure was:
1. Installed AlmaLinux-8.10-x86_64-minimal
2. Installed CWP based on "Quick guide CentOS 8/ Almalinux 8" https://control-webpanel.com/installation-instructions#step4
3. Upgraded MariaDB to 10.11 based on this tutorial: https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/upgrade-mariadb-10-x-to-10-11-in-cwp-on-almalinux-8 (BTW thanks for the great knowledge base)

@overseer - I will try to reset the root password and let you know tomorrow

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #6 on: Today at 06:30:24 AM »
I tried to change the root password based on the tutorial at https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password and everything was ok except step 5 - restart the database server.
I can't do that. Please check it out:

 mariadb.service - MariaDB 10.11.14 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/mariadb.service.d
           └─migrated-from-my.cnf-settings.conf
   Active: failed (Result: exit-code) since Sat 2025-09-06 07:13:05 BST; 4min 31s ago
     Docs: man:mariadbd(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 82635 ExecStart=/usr/sbin/mariadbd $MYSQLD_OPTS $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION (code=exited, status=1/FAILURE)
  Process: 82625 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`/usr/bin/galera_recovery`; [ $? -eq 0 ]   && systemctl set-environment _WSREP_START_POSITION=$VAR || exit 1 (code=exited, status=0/SUCCESS)
  Process: 82623 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
 Main PID: 82635 (code=exited, status=1/FAILURE)
   Status: "MariaDB server is down"

Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [Note] InnoDB: Starting shutdown...
Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [Note] Plugin 'FEEDBACK' is disabled.
Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [ERROR] Could not open mysql.plugin table: "Unknown storage engine 'Aria'". Some plugins may be not loaded
Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [ERROR] Failed to initialize plugins.
Sep 06 07:13:05 srv.com mariadbd[82635]: 2025-09-06  7:13:05 0 [ERROR] Aborting
Sep 06 07:13:05 srv.com systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
Sep 06 07:13:05 srv.com systemd[1]: mariadb.service: Failed with result 'exit-code'.
Sep 06 07:13:05 srv.com systemd[1]: Failed to start MariaDB 10.11.14 database server.

It looks like I have another instance of MariaDB because all my websites work fine at the moment, CWP works fine too
https://drive.google.com/file/d/1yMnBGR5a7IO3kibchbPAc-pTS1Iny72T/view?usp=sharing

Rebooting the server helped to start MariaDB with CWP.
« Last Edit: Today at 06:41:01 AM by dario68 »

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #7 on: Today at 01:56:45 PM »
You should find out what extraneous install of MariaDB you have on the server. You may want to go ahead and remove all versions (including 10.11) and upgrade to 11.4.x -- which is an LTS version and backward and forward compatible...
For reference:
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/
A key step would be removing your installed version:
Code:
systemctl stop mariadb mysql mysqld
systemctl disable mariadb
rpm --nodeps -ev MariaDB-server
Then to install 11.4 (or you could continue re-installing 10.11 as in the link above):
https://starburst.help/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/upgrade-mariadb-10-x-to-10-11-with-cwp-on-almalinux-9/

Re: Danger: MySQL root password - BIG SECURITY ISSUE
« Reply #8 on: Today at 02:49:18 PM »
Thank you so much, I'll try to remove all versions of MariaDB and install 11.4