7.6 Ensure No Users Have Wildcard Hostnames

Information

MySQL can make use of host wildcards when granting permissions to users on specific databases. For example, you may grant a given privilege to '<user>'@'%'.

Rationale:

Avoiding the use of wildcards within hostnames helps control the specific locations from which a given user may connect to and interact with the database.

Solution

Perform the following actions to remediate this setting:

Enumerate all users returned after running the audit procedure.

Either ALTER the user's host to be specific or DROP the user.

See Also

https://workbench.cisecurity.org/benchmarks/10139

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: MySQLDB

Control ID: 63d897eca57a5c842f65a340ae31c0a0f7b1d4883a8edf63349c244096f1ec00