PG
PostgreSQLSQLiteMariaDB
pgref.dev/mariadb/errors/1045
1045ERRORTier 1 — Safe✅ HIGH confidence

Access denied for user (using password)

Category: Access ControlVersions: All MariaDB / MySQL versions

What this means

Error 1045 (SQLSTATE 28000) is the authentication failure error. It is returned by the server before a connection is fully established when the username does not exist, the password is wrong, or the combination of username, hostname, and password does not match any row in the mysql.user table.

Why it happens

  1. 1Wrong password supplied for the user account
  2. 2The user account does not exist on the server
  3. 3The user exists but not for the connecting hostname (e.g., exists for localhost but connecting from 192.168.1.x)
  4. 4The user was created with an authentication plugin the client does not support

How to reproduce

A connection attempt with an incorrect password.

trigger — this will ERROR
mysql -u appuser -pwrongpassword -h localhost myapp_db
ERROR 1045 (28000): Access denied for user 'appuser'@'localhost' (using password: YES)

Fix 1: Reset the user password

When the password is simply wrong or forgotten.

fix
-- As root:
ALTER USER 'appuser'@'localhost' IDENTIFIED BY 'new_secure_password';
FLUSH PRIVILEGES;

Why this works

ALTER USER updates the authentication credentials in the mysql.user grant table. The server uses these credentials for all subsequent connection attempts from that user/host combination.

Fix 2: Create the user for the correct host

When the user exists for localhost but is connecting from another host.

fix
CREATE USER 'appuser'@'%' IDENTIFIED BY 'secure_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp_db.* TO 'appuser'@'%';
FLUSH PRIVILEGES;

Why this works

MariaDB user accounts are identified by username AND hostname. 'appuser'@'localhost' and 'appuser'@'%' are two distinct accounts. The '%' wildcard matches any host.

What not to do

Create a root user with an empty password

Why it's wrong: An unauthenticated root account is a critical security vulnerability. Always set a strong password for root.

Version notes

MariaDB 10.4+The unix_socket authentication plugin is enabled by default for root on many Linux distributions, meaning root can log in without a password from the OS root user. This changes the expected authentication flow.

Sources

📚 Official docs: https://mariadb.com/kb/en/alter-user/

🔧 Source ref: MariaDB Server error code 1045 / ER_ACCESS_DENIED_ERROR

📖 Further reading: MariaDB authentication plugins

Confidence assessment

✅ HIGH confidence

Stable and well-documented. The host-matching semantics are consistent across all versions.

See also

📄 Reference pages

ALTER USERMariaDB authentication
⚙️ This error reference was generated with AI assistance and reviewed for accuracy. Examples are provided to illustrate common scenarios and may not cover every case. Always test fixes in a development environment before applying to production. Spotted an error? Suggest a correction →
All MariaDB errors