1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles

Information

MariaDB can read a default database password from an environment variable called MYSQL_PWD.

Rationale:

Use of the MYSQL_PWD environment variable implies MariaDB credentials are stored as clear text. Avoiding the use of this environment variable may increase assurance that the confidentiality of MariaDB credentials is preserved.

Solution

Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.

Default Value:

Not set.

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|16.4

Plugin: Unix

Control ID: 9ad46407b156ca1d88c7bdd7411e3a9d1dfabe04457290db986c3b56e4c51ad7