A unique database name and a unique MySQL user with a secure password must be created for use in Jamf Pro EMM.
An XCCDF Rule
Description
<VulnDiscussion>If the default MySQL database name and password are not changed an adversary could gain unauthorized access to the application which could lead to the compromise of sensitive DoD data. SFR ID: FMT_SMF.1(2)b. / IA-5(1)(c) Satisfies: SRG-APP-000171</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-241800r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Create a unique database name and a unique MySQL user with a secure password. The procedure is found in the following Jamf Knowledge Base article:
https://www.jamf.com/jamf-nation/articles/542/title