Details

MySQL can read a default database password from an environment variable called MYSQL_PWD.

Solution

Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/1622

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Unix.

References

• 800-53|IA-5(1)(c)
• CSCv6|16.13
• CSCv6|16.14

Source

• Tenable.com/audits