The MySQL DatabasePassword key must be removed or set to a blank value in the database configuration file in Jamf Pro EMM.

An XCCDF Rule

Description

<VulnDiscussion>If the database password is not removed or set to a blank value in the configuration file, the user is not forced to enter the password, which would allow an adversary to access to access the database. SFR ID: FMT_SMF.1(2)b. / CM-5(10) Satisfies: SRG-APP-000380</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-241803r879887_rule
Severity: Medium
References: CCI-001813
Updated: about 1 year ago

Remove the MySQL <DatabasePassword> key or set to a blank value in Jamf Pro EMM.

If the database password is removed from the configuration file, the database password must be entered manually for the Jamf Pro EMM server web app during startup. In a clustered environment, the database password must be entered manually for each individual node.

Note: Default values are included below for reference only. Use unique values in production environments.
<Database>
...
<DatabaseName>jamfsoftware</DatabaseName>
<DatabaseUser>jamfsoftware</DatabaseUser>
<DatabasePassword></DatabasePassword>
...
</Database>

The MySQL DatabasePassword key must be removed or set to a blank value in the database configuration file in Jamf Pro EMM.

Description

Remediation - Manual Procedure