Unauthorized user able to run show dbs

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security, Shell
    • None
    • ALL
    • Hide

      Pre-requisite :

      a. User in admin database
      b. User in any other database

      Steps:
      1. Authenticate against admin database
      2. Execute show dbs command to list all the databases in Mongo.As this is the admin user it has the privilege to list all the dbs.
      3. Authenticate against other database containing different user
      4. Execute show dbs command - This time it should give an error as local user for any other databases other than admin cannot list all the databases present in mongo

      Show
      Pre-requisite : a. User in admin database b. User in any other database Steps: 1. Authenticate against admin database 2. Execute show dbs command to list all the databases in Mongo.As this is the admin user it has the privilege to list all the dbs. 3. Authenticate against other database containing different user 4. Execute show dbs command - This time it should give an error as local user for any other databases other than admin cannot list all the databases present in mongo
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      While switching between the users, the cache does not get refreshed automatically. It stores the first authenticated users privilege data.

            Assignee:
            J Rassi (Inactive)
            Reporter:
            Pratik Gadiya
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: