1.4 Verify That the MYSQL_PWD Environment Variable is Not in Use

Information

MariaDB can read a default database password from an environment variable called MYSQL_PWD. Avoiding use of this environment variable can better safeguard the confidentiality of MariaDB credentials.

Rationale:

Using the MYSQL_PWD environment variable implies MariaDB credentials are stored as clear text.

Solution

Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.
For unattended logins, you should consider
2) Different authentication methods (e.g., X509 certificate verification)

Default Value:

Not set.

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|16.4

Plugin: Unix

Control ID: b2d3e05a09b1503f33942e16da5fcd18c5f2ab9fe05e7fa5f55f30984228bfe7