7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@session.sql_mode'

Information

NO_AUTO_CREATE_USER is an option for sql_mode that prevents a GRANT statement from automatically creating a user when authentication information is not provided.

Rationale:

Blank passwords negate the benefits provided by authentication mechanisms. Without this setting an administrative user might accidentally create a user without a password.

Solution

Perform the following actions to remediate this setting:

Open the MySQL configuration file (my.cnf)

Find the sql_mode setting in the [mysqld] area

Add the NO_AUTO_CREATE_USER to the sql_mode setting

Default Value:

NO_ENGINE_SUBSTITUTION

See Also

https://workbench.cisecurity.org/files/3859

Item Details

Category: PLANNING, SYSTEM AND SERVICES ACQUISITION

References: 800-53|PL-8, 800-53|SA-8

Plugin: MySQLDB

Control ID: 0bd8bd55e1558f468b918df8e1c45ef54de4a742be1ff2ba433ea1687604fc54