diff --git a/controls/mysql_db.rb b/controls/mysql_db.rb
index fd6dc8d..037498e 100644
--- a/controls/mysql_db.rb
+++ b/controls/mysql_db.rb
@@ -54,7 +54,7 @@
 control 'mysql-db-05' do
   impact 1.0
   title 'default passwords must be changed'
-  describe command("mysql -u#{user} -p#{pass} -sN -e 'select count(*) from mysql.user where length(password)=0 or password=\"\";'") do
+  describe command("mysql -u#{user} -p#{pass} -sN -e 'select count(*) from mysql.user where (length(password)=0 or password=\"\") and (length(authentication_string)=0 or authentication_string=\"\");'") do
     its(:stdout) { should match(/^0/) }
   end
 end