Information
The REPLICATION SLAVE privilege governs whether a given account, when connected to the source server, may request the source's binary log stream, that is, the record of every change made on the source. It is the privilege a replica's replication user needs; it is a global privilege (granted and revoked ON *.*) and is stored in the Repl_slave_priv column of mysql.user.
Rationale:
An account holding REPLICATION SLAVE can fetch the source's binary log files, which contain every data-changing statement (statement-based logging) or the before/after row images of every modified row (row-based logging). Because the binlog is served as a whole, this access is not restricted by the table, column, or database privileges the account would otherwise be subject to. An attacker who controls such an account can therefore read or exfiltrate sensitive data from MySQL (for example with mysqlbinlog --read-from-remote-server) without ever being granted SELECT on the tables concerned.
Solution
Perform the following steps to remediate this setting:
Enumerate the non-replica accounts found in the result set of the audit procedure (accounts with Repl_slave_priv = 'Y' in mysql.user that are not the replication users configured on your replicas).
For each such account, issue the following SQL statement (replace <user> and <host> with the account's user and host parts; omitting the host part makes MySQL assume '%'):
REVOKE REPLICATION SLAVE ON *.* FROM '<user>'@'<host>';
Use the REVOKE statement to remove the REPLICATION SLAVE privilege from accounts that should not have it. No FLUSH PRIVILEGES is needed after REVOKE, but note that a change to a global privilege only takes effect for new connections: a session that is already streaming the binary log (shown with command "Binlog Dump" or "Binlog Dump GTID" in SHOW PROCESSLIST) keeps its access until it is disconnected or killed.
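The audit and remediation above carried through as one worked session. This is an added example, not text from the benchmark itself; the account 'app_reporting'@'10.0.5.%' and the connection id used in the KILL are hypothetical placeholders, and the replica user 'repl'@'10.0.6.%' stands for the account your replicas actually use, which must be left alone.

```sql
-- Added example (not part of the original benchmark text).

-- 1. Audit: every account holding the global REPLICATION SLAVE privilege.
--    Repl_slave_priv is the mysql.user column behind this privilege.
SELECT user, host
FROM mysql.user
WHERE Repl_slave_priv = 'Y';

-- The same list through information_schema, which reports grantees
-- already quoted as 'user'@'host':
SELECT grantee
FROM information_schema.user_privileges
WHERE privilege_type = 'REPLICATION SLAVE';

-- 2. Decide which of those are legitimate replica users.
--    'repl'@'10.0.6.%' is assumed to be the account configured on the
--    replicas (CHANGE REPLICATION SOURCE TO ... SOURCE_USER='repl');
--    it keeps the privilege. 'app_reporting'@'10.0.5.%' is assumed to be
--    an application account that was over-provisioned.

-- 3. Remediate: the privilege is global, so it is revoked ON *.*, and the
--    host part is spelled out so the wrong '%' account is not targeted.
REVOKE REPLICATION SLAVE ON *.* FROM 'app_reporting'@'10.0.5.%';

-- 4. Verify the grant is gone for that account.
SHOW GRANTS FOR 'app_reporting'@'10.0.5.%';

-- 5. Global privilege changes only apply to new connections, so look for
--    sessions from that account that are still streaming the binlog ...
SELECT id, user, host, command, time
FROM information_schema.processlist
WHERE command IN ('Binlog Dump', 'Binlog Dump GTID')
  AND user = 'app_reporting';

-- ... and terminate them (42 is a placeholder for an id returned above).
KILL 42;

-- 6. Re-run the audit; only the replica user should remain.
SELECT user, host
FROM mysql.user
WHERE Repl_slave_priv = 'Y';
```

Run the audit query first on the source (not on a replica, whose mysql.user may differ), and reconcile its output against the SOURCE_USER configured on each replica before revoking anything; revoking the privilege from a real replica user stops replication on that replica at its next reconnect.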