7.6 Ensure No Anonymous Accounts Exist

Information

Anonymous accounts are users with empty usernames (''). Anonymous accounts have no passwords, so anyone can use them to connect to the MariaDB server.

Rationale:

Removing anonymous accounts will help ensure that only identified and trusted principals are capable of interacting with MariaDB.

Impact:

Any applications relying on anonymous database access will be adversely affected by this change.

Solution

Perform the following actions to remediate this setting:

Enumerate the anonymous users returned from executing the audit procedure.

For each anonymous user, either DROP the account or assign it a name.

Note: As an alternative, you may execute the mariadb-secure-installation utility.
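The remediation steps above, written out as SQL. This is an added example, not text from the benchmark. The enumeration query stands in for the audit procedure, which this page does not reproduce, and the host names, the replacement account name and the password placeholder are constructed for illustration.

```sql
-- Added example: assumes a MariaDB session with privileges to read mysql.user
-- and to run DROP USER / RENAME USER / ALTER USER.

-- Step 1: enumerate anonymous accounts. An anonymous account has an empty
-- User value; Host is needed because accounts are identified as user@host.
SELECT User, Host
FROM mysql.user
WHERE User = '';

-- Optional: generate one DROP statement per anonymous account so the list
-- can be reviewed before anything is executed. QUOTE() renders the empty
-- user name as '' and escapes the host value.
SELECT CONCAT('DROP USER ', QUOTE(User), '@', QUOTE(Host), ';') AS remediation
FROM mysql.user
WHERE User = '';

-- Step 2a: drop an anonymous account that nothing depends on.
-- 'localhost' is a constructed host value; use the Host returned in step 1.
DROP USER ''@'localhost';

-- Step 2b: if an application relies on the account, give it a name instead.
-- 'app01.example.internal' and 'reporting_ro' are hypothetical.
RENAME USER ''@'app01.example.internal'
         TO 'reporting_ro'@'app01.example.internal';

-- A renamed account keeps its empty password, so set one right away.
-- Replace the placeholder with a real secret.
ALTER USER 'reporting_ro'@'app01.example.internal'
  IDENTIFIED BY '<REPLACE_WITH_STRONG_PASSWORD>';

-- Verification: the setting is remediated when this returns 0.
SELECT COUNT(*) AS anonymous_accounts
FROM mysql.user
WHERE User = '';
```

Privileges granted to a renamed account carry over under the new name, so review them with SHOW GRANTS before leaving the account in place.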

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|16.6

Plugin: MySQLDB

Control ID: 6f93c47a0873a830cfed7b620c7be885c3db3ba9667f699b8efaa97fcaace4b4