1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profile

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

MySQL can read a default database password from an environment variable called MYSQL_PWD.

Solution

Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method.

See Also

https://workbench.cisecurity.org/files/1622