Is this email, "Update 1-Click Credentials" legit?
Hello, I received the following email and wanted to confirm that it is legit.
< TLDR: A long-standing vulnerability has been identified which affects some 1-Clicks running MySQL. We strongly recommend that you run this script to see if your Droplet is impacted and update your credentials if necessary. > If you changed your debian-sys-maint MySQL user credentials upon install, you are not impacted by the vulnerability and no action is required.
Here are the 1-Clicks impacted and potentially remotely exploitable unless you have taken action to change the debian-sys-maint password:
MySQL and PHPMyAdmin
We will be issuing a public notice regarding this issue, but first wanted to ensure our impacted users had time to take action. As part of our verification process, we have discovered that images on other cloud providers also have this mis-configuration. Please consider updating any instances you have there as well; you can use the script we’ve created (it works on Debian and Ubuntu MySQL/MariaDB installations).
We have changed our 1-Clicks to ensure that all future Droplets will have unique, auto-generated passwords for this user.
If you have any questions, please contact our support team.
Background on common images or “1-Clicks”
Cloud providers use common images with pre-installed software to make it easier for users to create new virtual machines (we call them 1-Clicks). Our 1-Clicks are constructed by pre-installing MySQL and other packages into a common image. In the MySQL Debian/Ubuntu packaging, there is an additional MySQL user being created, ‘debian-sys-maint’. This user is intended for local administration purposes and initialized with a random password by the distribution package. However, any Droplet created from this common image will share the same password for the MySQL debian-sys-maint user.