7.7 Ensure No Users Have Wildcard Hostnames

Information

MySQL can make use of host wildcards when granting permissions to users on specific databases. For example, you may grant a given privilege to '<user>'@'%'.

Rationale:

Avoiding the use of wildcards within hostnames helps control the specific locations from which a given user may connect to and interact with the database.

Solution

Perform the following actions to remediate this setting:

Enumerate all users returned after running the audit procedure.

Either ALTER the user's host to be specific or DROP the user.

See Also

https://workbench.cisecurity.org/files/3859

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: MySQLDB

Control ID: f4dcac485b90f51b4e086707cc7e6c06e9e54e2fd0d1547cd2fea1e7bd66ebdc