AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-06-10 · Documentation low

File: AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md

Summary

Added documentation on creating users with the caching_sha2_password authentication plugin in Aurora MySQL 3, despite the default remaining mysql_native_password.

Security assessment

The change documents how to use a more secure authentication plugin (caching_sha2_password) for new users, improving security practices. However, there is no evidence of addressing a specific security vulnerability in the diff.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md b/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md
index fbf23f2b5..976e1d152 100644
--- a//AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md
+++ b//AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Compare-80-v3.md
@@ -253 +253,5 @@ For more information on binlog replication, see [Replication between Aurora and
-In community MySQL 8.0, the default authentication plugin is `caching_sha2_password`. Aurora MySQL version 3 still uses the `mysql_native_password` plugin. You can't change the `default_authentication_plugin` setting.
+In community MySQL 8.0, the default authentication plugin is `caching_sha2_password`. Aurora MySQL version 3 still uses the `mysql_native_password` plugin. You can't change the `default_authentication_plugin` setting. You can, however, create new users and alter current users, and their individual passwords use the new authentication plugin. Following is an example.
+    
+    
+    mysql> CREATE USER 'testnewsha'@'%' IDENTIFIED WITH caching_sha2_password BY 'aNewShaPassword';
+    Query OK, 0 rows affected (0.74 sec)