7.6 Ensure No Anonymous Accounts Exist

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Anonymous accounts are users with empty usernames (''). Anonymous accounts have no passwords, so anyone can use them to connect to the MariaDB server.

Rationale:

Removing anonymous accounts will help ensure that only identified and trusted principals are capable of interacting with MariaDB.

Impact:

Any applications relying on anonymous database access will be adversely affected by this change.

Solution

Perform the following actions to remediate this setting:

Enumerate the anonymous users returned from executing the audit procedure.

For each anonymous user, DROP the account or assign it a name.

Note: As an alternative, you may execute the mariadb-secure-installation utility.
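The remediation steps above, as an added SQL example that is not taken from the benchmark itself. The host value 'localhost', the account name 'app_reader' and the password placeholder are assumptions; substitute the Host values your own enumeration returns. ALTER USER assumes MariaDB 10.2 or later.

```sql
-- 1. Enumerate anonymous accounts (empty User column).
--    An empty result set means there is nothing to remediate.
SELECT User, Host
FROM mysql.user
WHERE User = '';

-- 2. Before changing anything, record what each anonymous account is
--    allowed to do, so the impact on applications can be assessed.
--    'localhost' is a placeholder for a Host value returned in step 1.
SHOW GRANTS FOR ''@'localhost';

-- 3a. Option one: remove the account. Repeat for every row from step 1.
DROP USER ''@'localhost';

--     To avoid typing one statement per row, generate them and review
--     the output before running it:
SELECT CONCAT('DROP USER ', QUOTE(User), '@', QUOTE(Host), ';') AS remediation
FROM mysql.user
WHERE User = '';

-- 3b. Option two: give the account a name instead of dropping it.
--     RENAME USER keeps the existing privileges and the existing
--     (empty) password, so set a password in the same change.
--     'app_reader' is a hypothetical name.
RENAME USER ''@'localhost' TO 'app_reader'@'localhost';
ALTER USER 'app_reader'@'localhost' IDENTIFIED BY '<replace-with-strong-password>';

-- 4. Verify: the count must be 0 after remediation.
SELECT COUNT(*) AS anonymous_accounts
FROM mysql.user
WHERE User = '';
```

Run these as an account with privileges to read the mysql schema and to create and drop users.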

See Also

https://workbench.cisecurity.org/benchmarks/12270