1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles

Information

MySQL can read a default database password from an environment variable called MYSQL_PWD.

Rationale:

The use of the MYSQL_PWD environment variable implies the clear text storage of MySQL credentials. Avoiding this may increase assurance that the confidentiality of MySQL credentials is preserved.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|16.4

Plugin: Windows

Control ID: 27a9accd2add09344e6618176ce7e72e7733c3d3115ae3984b9b52355be09b11