STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 28 Jan 2021

The MySQL Database Server 8.0 must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

DISA Rule

SV-235178r638812_rule

Vulnerability Number

V-235178

Group Title

SRG-APP-000389-DB-000372

Rule Version

MYS8-00-010400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Modify and/or configure MySQL and related applications and tools so that users are always required to reauthenticate when changing role or escalating privileges.

To make a single user reauthenticate, the following must be present:

KILL CONNECTION processlist_id;

Check Contents

Determine all situations where a user must reauthenticate. Check if the mechanisms that handle such situations use the following SQL:

To make a single user reauthenticate, an existing connection must be present:

To search for a specific user:
SELECT * FROM information_schema.PROCESSLIST WHERE user = '<name>' AND host LIKE '%';

To review all connections:
SELECT * FROM INFORMATION_SCHEMA.PROCESSLIST;

Note the ID(s) (processlist_id) of the connection(s) for the user that must reauthenticate.

To make a user reauthenticate, run the following for each ID returned above (as they can have multiple connections):

KILL CONNECTION processlist_id;

If the provided SQL does not force reauthentication, this is a finding.
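The check above has to be repeated for every connection an account holds. The following is an added example, not part of the STIG text, that wraps the lookup and the KILL CONNECTION step in one stored procedure; the procedure name force_reauth and the account app_user are hypothetical, and it assumes the mysql command-line client (for DELIMITER) with a default schema selected.

```sql
-- Added example; force_reauth and app_user are hypothetical names.
-- The caller needs PROCESS to see other accounts' sessions and
-- CONNECTION_ADMIN (or the deprecated SUPER) to kill them.
DELIMITER //
CREATE PROCEDURE force_reauth(IN p_user VARCHAR(32))
BEGIN
  DECLARE done INT DEFAULT 0;
  DECLARE conn_id BIGINT UNSIGNED;
  -- Every session of the account, except the one running this procedure.
  DECLARE cur CURSOR FOR
    SELECT ID FROM information_schema.PROCESSLIST
    WHERE USER = p_user AND ID <> CONNECTION_ID();
  DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;
  -- 1094 = ER_NO_SUCH_THREAD: the session ended before it could be killed.
  DECLARE CONTINUE HANDLER FOR 1094 BEGIN END;

  OPEN cur;
  kill_loop: LOOP
    FETCH cur INTO conn_id;
    IF done THEN
      LEAVE kill_loop;
    END IF;
    -- One KILL CONNECTION per processlist ID, as the check requires.
    SET @kill_stmt = CONCAT('KILL CONNECTION ', conn_id);
    PREPARE stmt FROM @kill_stmt;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
  END LOOP;
  CLOSE cur;

  -- Verification: sessions of the account still listed. A killed session
  -- can linger briefly until its thread notices the kill flag.
  SELECT COUNT(*) AS remaining_sessions
  FROM information_schema.PROCESSLIST
  WHERE USER = p_user AND ID <> CONNECTION_ID();
END//
DELIMITER ;

CALL force_reauth('app_user');
```

A client configured to reconnect automatically will open a new connection and authenticate again with its stored credentials, so a new processlist ID for the account shortly after the call is expected.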

Vulnerability Number

V-235178

Documentable

False

Rule Version

MYS8-00-010400

Severity Override Guidance

Determine all situations where a user must reauthenticate. Check if the mechanisms that handle such situations use the following SQL:

To make a single user reauthenticate, an existing connection must be present:

To search for a specific user:
SELECT * FROM information_schema.PROCESSLIST WHERE user = '<name>' AND host LIKE '%';

To review all connections:
SELECT * FROM INFORMATION_SCHEMA.PROCESSLIST;

Note the ID(s) (processlist_id) of the connection(s) for the user that must reauthenticate.

To make a user reauthenticate, run the following for each ID returned above (as they can have multiple connections):

KILL CONNECTION processlist_id;

If the provided SQL does not force reauthentication, this is a finding.

Check Content Reference

M

Target Key

5277
