You may have received an email from the AWS Marketplace indicating a possible vulnerability in Cloud Protection Manager. The content of that email is included at the bottom of this article.
IMPORTANT: Your data was not breached and is not in any danger of being breached.
This is a very low risk issue because:
If you are concerned about this issue, you can take the following steps to change the password and delete the file:
mysql -u debian-sys-maint -p%oldpassword%
(replace %oldpassword% with the password listed in /etc/mysql/debian.cnf)
SET PASSWORD = PASSWORD('%newpassword%');
(replace %newpassword% with the new password)
(to exit from MySQL)
sudo rm /etc/mysql/debian.cnf
Now the password is no longer the default one, and it's not contained in clear text form anywhere.
CPM doesn't use this file, user "debian-sys-maint" is managed by the MySQL update process.
Please note that if you will run "sudo apt-get dist-upgrade" in the future, this file may be recreated by Ubuntu (with a new random password), and you may have to repeat this procedure again.
In CPM versions newer than 2.1.3b, this file doesn't exist by default, but can still be created by "sudo apt-get dist-upgrade"
Email sent from AWS Marketplace:
Dear AWS Marketplace Subscriber,
We are writing to notify you that we have recently identified the presence of a password in the following product you have subscribed to:
Cloud Protection Manager Free Trial & BYOL Edition
The password for the MySQL user "debian-sys-maint" can be found in the following location: /etc/mysql/debian.cnf
As of Oct 20th, we have identified that you have running instances of the above product. If you have not already done so, we highly recommend you reset this password.
If you have additional questions about your software please contact N2W Software directly at: http://www.n2ws.com/support/support.html
--The AWS Marketplace Team