Redis Enterprise DBMS must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

An XCCDF Rule

Description

<VulnDiscussion>Redis Enterprise allows the user to configure unique users per role. Review roles and ensure roles use unique organizational principles per user to the database. Redis does come with a default user for backwards compatibility. This user may be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251222r960969_rule
Severity: Medium
References: CCI-000764
Updated: 17 days ago

To fix this issue perform the following actions:

To audit this configuration:
1. Log in to Redis Enterprise Administrative Control Plane.
2. Go to databases tab.
3. Select each database and review the configuration by selecting edit.4. Deselect the default database access tab.

This configuration will break applications designed for use with Redis 5 prior to ACLs.

Redis Enterprise DBMS must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

Description

Remediation - Manual Procedure