stoneatom / stonedb

StoneDB is an Open-Source MySQL HTAP and MySQL-Native DataBase for OLTP, Real-Time Analytics, a counterpart of MySQLHeatWave. (https://stonedb.io)
GNU General Public License v2.0

bug: Scuba:Existing Anonymous Accounts #90

Closed shangyanwen closed 2 years ago

shangyanwen commented 2 years ago

Describe the problem

Anonymous accounts are users with no name (''). They allow for default logins and their permissions can sometimes be used by other users. Avoiding the use of anonymous accounts ensures that only trusted principals are capable of interacting with MySQL.

Expected behavior

Checks if users with no name exist. Verify and remove anonymous accounts.

How To Reproduce

1. Install the Scuba tool. Download address: https://www.imperva.com/resources/free-cyber-security-testing-tools/scuba-database-vulnerability-scanner/
2. Select MySQL, fill in the configuration and run it.

Environment

Windows

Additional context


shangyanwen commented 2 years ago

This is something that the DBA needs to modify at the configuration level
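
The check the issue describes, and the cleanup a DBA would run, as an added SQL example (not part of the original issue or the StoneDB project). It assumes a MySQL-compatible server with the standard `mysql.user` and `mysql.db` grant tables and an administrative session; the `'localhost'` host in step 4 is a constructed sample value.

```sql
-- 1. Check: list accounts whose user name is empty (anonymous accounts).
SELECT User, Host
FROM mysql.user
WHERE User = '';

-- 2. Review database-level privileges held by anonymous accounts.
--    Any authenticated user that matches no more specific row can
--    inherit these, which is why the finding matters.
SELECT Host, Db, Select_priv, Insert_priv, Update_priv, Delete_priv
FROM mysql.db
WHERE User = '';

-- 3. Generate one DROP USER statement per anonymous account so that
--    every host variant is covered, not only 'localhost'.
SELECT CONCAT('DROP USER ', QUOTE(User), '@', QUOTE(Host), ';') AS stmt
FROM mysql.user
WHERE User = '';

-- 4. Run each generated statement. Constructed sample for one host:
DROP USER ''@'localhost';

-- 5. Verify: the count must be 0 before re-running the scan.
SELECT COUNT(*) AS anonymous_accounts
FROM mysql.user
WHERE User = '';
```

`DROP USER` removes the account row and its privilege rows together, so no manual `DELETE` on the grant tables or `FLUSH PRIVILEGES` is needed afterwards.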