MapR Installer MySQL Credentials

This section describes a vulnerability in the MapR Installer.

Vulnerability A security vulnerability exists in MapR Installer versions before 1.6, which are distributed and supported by MapR.
Details MapR Installer does not secure the MySQL root account credentials when configured with a MySQL database for service dependencies with MapR ecosystem components such as Hive or Oozie. All new clusters built with MapR Installer version 1.6 or later will not have this issue.
Products Affected MapR Installer versions earlier than 1.6.
Impact A MapR Installer vulnerability does not set MySQL root account credentials leaving the database vulnerable to unauthorized access and resultant loss of data confidentiality and integrity.
Severity High
Bug Tracking MapR defect 27419 and MapR JIRA IN-342
Immediate Action Required Customers should set the root account password on all existing installer created clusters and download and use MapR Installer 1.6 included in the MEP 3.0.1 release from package.mapr.com/releases/MEP. However, only moving to the 1.6 installer is not sufficient because it will not correct the password on existing installations. For example, you must reset the root password for MySQL.
References For related information, see MySQL 5.7 Reference Manual, How to Reset the Root Password.