2.4 Do Not Reuse Usernames

Information

Database user accounts should not be reused for multiple applications or users.

Rationale:

Utilizing unique database accounts across applications will reduce the impact of a compromised MySQL account. If a user is reused, then a compromise of this user will compromise multiple parts of the system and/or application.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Add/Remove users so that each user is only used for one specific purpose.

See Also

https://workbench.cisecurity.org/files/3848

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv7|4.3

Plugin: MySQLDB

Control ID: 0ad5c9b2536c8bc5e8d7ba37876e5f43de42034c2b477b2db9015fef926e0eab