Information
The REPLICATION SLAVE privilege governs whether a given user (in the context of the source server) can request updates that have been made on the source server.
Rationale:
The REPLICATION SLAVE privilege allows a principal to fetch binlog files containing all data changing statements and/or changes to table data from the source. This may be used by an attacker to read/fetch sensitive data from MariaDB.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Perform the following steps to remediate this setting:
Enumerate the non-replica users found in the result set of the audit procedure
For each user, issue the following SQL statement (replace <user> with the non-replica user):
REVOKE REPLICATION SLAVE ON *.* FROM '<user>';
Use the REVOKE statement to remove the REPLICATION SLAVE privilege from users who shouldn't have it.