Note:
This topic has been translated from a Chinese forum by GPT and might contain errors. Original topic: 等保扫描漏洞

How to solve these issues found in the security assessment scan?
You can directly change the MySQL version number. This vulnerability is actually unrelated to TiDB and is used for compatibility purposes. Refer to this:
Find someone who specializes in compliance; they make money from this.
Upgrading the TiDB version is useless. The security scan treats TiDB as MySQL, and the MySQL version number is only used for compatibility and has no practical significance. The vulnerabilities detected are not actually TiDB vulnerabilities, so you can bypass the scan by directly changing the MySQL version number in TiDB.
This is all the result of predecessors’ step-by-step efforts.
How to check the MySQL version corresponding to TiDB through SELECT VERSION();? If the result is 8.0.11-TiDB-v7.4.0, does it mean that the TiDB version corresponds to 8.0.11?
TiDB is version 7.4.0, and MySQL is 8.0.11. The security vulnerability scan shows vulnerabilities present in MySQL 8.0.11. Updating to the latest version of MySQL should resolve these issues.
Modify the configuration server-version to make the scan unable to identify the corresponding version.
Change the version number. I changed 5.7 to 5.7.99. Now that it’s compatible with MySQL 8, change it to 8.0.99, and nothing will be reported for compliance.
Changing it to something that doesn’t exist means it’s impossible to detect vulnerabilities. Changing it to something that exists means vulnerabilities will eventually be detected.
The vulnerabilities found during compliance scans are generally difficult to resolve. Upgrading to the latest version will address some of the issues, but not all of them.
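
When triaging such a scan report, the `VERSION()` string discussed above can be split mechanically into its MySQL compatibility label and the TiDB release, so each finding can be sorted by which of the two it was matched on. This is an added example, not code from the thread or from the TiDB project; the finding IDs, the dictionary keys and the function names are hypothetical, and the sample findings are constructed.

```python
import re

# Default banner shape quoted in the thread: "<mysql-compat>-TiDB-v<tidb-release>"
BANNER_RE = re.compile(
    r"^(?P<mysql>\d+\.\d+\.\d+)-TiDB-v(?P<tidb>\d+\.\d+\.\d+)(?:[-+].*)?$"
)

def parse_banner(banner):
    """Return the compatibility label and TiDB release, or None if the
    banner does not have the default TiDB shape (e.g. server-version was overridden)."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    return {"mysql_compat": m.group("mysql"), "tidb": m.group("tidb")}

def triage(banner, findings):
    """Label each finding by the version string the scanner matched on.
    `findings`: list of dicts with hypothetical keys 'id' and 'matched_version'."""
    parsed = parse_banner(banner)
    results = []
    for f in findings:
        if parsed is None:
            verdict = "unknown-banner: confirm product and release on the server"
        elif f["matched_version"] == parsed["mysql_compat"]:
            verdict = "compat-label: re-check against TiDB " + parsed["tidb"]
        elif f["matched_version"] == parsed["tidb"]:
            verdict = "tidb-release: treat as applicable"
        else:
            verdict = "no-match: confirm the scanner fingerprint"
        results.append((f["id"], verdict))
    return results

# Constructed sample input; the IDs are placeholders, not real advisories.
SAMPLE_FINDINGS = [
    {"id": "FINDING-1", "matched_version": "8.0.11"},
    {"id": "FINDING-2", "matched_version": "7.4.0"},
    {"id": "FINDING-3", "matched_version": "5.7.25"},
]

if __name__ == "__main__":
    for fid, verdict in triage("8.0.11-TiDB-v7.4.0", SAMPLE_FINDINGS):
        print(fid, "->", verdict)
    # A banner replaced through server-version no longer identifies TiDB at all.
    for fid, verdict in triage("8.0.99", SAMPLE_FINDINGS[:1]):
        print(fid, "->", verdict)
```
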