Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13513

Unauthorized user able to run show dbs

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Security, Shell
    • None
    • ALL
    • Hide

      Pre-requisite :

      a. User in admin database
      b. User in any other database

      Steps:
      1. Authenticate against admin database
      2. Execute show dbs command to list all the databases in Mongo.As this is the admin user it has the privilege to list all the dbs.
      3. Authenticate against other database containing different user
      4. Execute show dbs command - This time it should give an error as local user for any other databases other than admin cannot list all the databases present in mongo

      Show
      Pre-requisite : a. User in admin database b. User in any other database Steps: 1. Authenticate against admin database 2. Execute show dbs command to list all the databases in Mongo.As this is the admin user it has the privilege to list all the dbs. 3. Authenticate against other database containing different user 4. Execute show dbs command - This time it should give an error as local user for any other databases other than admin cannot list all the databases present in mongo

    Description

      While switching between the users, the cache does not get refreshed automatically. It stores the first authenticated users privilege data.

      Attachments

        Activity

          People

            rassi J Rassi
            pgadiya@us.ibm.com Pratik Gadiya
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: