Absolutely. Remember the MySQL authentication bypass vulnerability¹, where a blank password would succeed to authenticate 1/255th of the time? This reminds me of that.

1: http://thehackernews.com/2012/06/cve-2012-2122-serious-mysql...