7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %WINDIR%\my.cnf

Information

NO_AUTO_CREATE_USER is an option for sql_mode that prevents a GRANT statement from automatically creating a user when authentication information is not provided.

Rationale:

Blank passwords negate the benefits provided by authentication mechanisms. Without this setting, an administrative user might accidentally create a user without a password.

Solution

Perform the following actions to remediate this setting:

1. Open the MySQL configuration file (my.cnf).

2. Find the sql_mode setting in the [mysqld] area.

3. Add NO_AUTO_CREATE_USER to the sql_mode setting.
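
One way to verify the result of these steps, as an added example that is not part of the benchmark or the audit plugin: a Python check that reads option-file text and reports whether the effective sql_mode in [mysqld] contains NO_AUTO_CREATE_USER. The function names and the three sample files are hypothetical and constructed for illustration.

```python
import re

REQUIRED = "NO_AUTO_CREATE_USER"

# Constructed sample option files, not taken from a real server.
COMPLIANT = """[mysqld]
port=3306
sql_mode=STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
"""
OVERRIDDEN = """[mysqld]
sql_mode=STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER
# a later line in the same group replaces the earlier value
sql-mode = "strict_trans_tables,no_engine_substitution"  # legacy app
"""
WRONG_GROUP = """[client]
sql_mode=NO_AUTO_CREATE_USER
[mysqld]
port=3306
"""

def effective_sql_mode(cnf_text):
    """Return the last sql_mode value set under [mysqld], or None if unset."""
    section, value = None, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or full-line comment
            continue
        header = re.fullmatch(r"\[(.+?)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld" or "=" not in line:
            continue
        key, val = (p.strip() for p in line.split("=", 1))
        # Option files accept sql-mode and sql_mode interchangeably.
        if key.lower().replace("-", "_") == "sql_mode":
            val = val.split("#", 1)[0].strip()   # drop a trailing comment
            value = val.strip("'\"")             # last assignment wins
    return value

def check(cnf_text):
    """PASS/FAIL on the configured value; UNSET means the server default applies."""
    value = effective_sql_mode(cnf_text)
    if value is None:
        return "UNSET"
    modes = {m.strip().upper() for m in value.split(",")}
    return "PASS" if REQUIRED in modes else "FAIL"

if __name__ == "__main__":
    for name, text in [("compliant", COMPLIANT), ("overridden", OVERRIDDEN), ("wrong group", WRONG_GROUP)]:
        print(f"{name}: {check(text)}")
```

The check reads one file only; other option files or command-line options can still change the running value, which `SELECT @@GLOBAL.sql_mode;` shows on the server.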

Default Value:

ONLY_FULL_GROUP_BY STRICT_TRANS_TABLES NO_ZERO_IN_DATE NO_ZERO_DATE ERROR_FOR_DIVISION_BY_ZERO NO_AUTO_CREATE_USER NO_ENGINE_SUBSTITUTION

See Also

https://workbench.cisecurity.org/files/3855

Item Details

Category: PLANNING, SYSTEM AND SERVICES ACQUISITION

References: 800-53|PL-8, 800-53|SA-8

Plugin: Windows

Control ID: 24cb9fcc2856ea9c4b128385aaeb4f9187d003d4ac2fc626fde489c8dda76109