Core Server / SERVER-14614

Race condition in authentication could allow someone to authenticate as a different but same named user


Details

    • Bug
    • Resolution: Done
    • Major - P3
    • Security
    • Fully Compatible
    • ALL

    Description

      In authentication_commands.cpp we load a user object, copy its credentials, release it, check if the credentials match and if so re-acquire the user object and add it to our list of authenticated users.

      There is an (unlikely to hit) race here: if a client begins authenticating as a user and, while it is doing so, that user is dropped and a new user with the same name but a different password and different privileges is added, the client authenticating with the credentials of the first user could wind up authenticating successfully as the second user.
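
      The check-then-reacquire sequence described above, as an added example that is not MongoDB's code and not taken from this ticket. The User and UserStore types, the per-user id field and the pinIdentity check are assumptions made for illustration; the ticket does not say how the issue was fixed.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <string>

// Hypothetical model, not MongoDB code. `id` is unique per created user.
struct User { int id; std::string password; std::string role; };

struct UserStore {
    std::map<std::string, User> users;
    int nextId = 1;
    void create(const std::string& n, const std::string& pw, const std::string& role) {
        users[n] = User{nextId++, pw, role};
    }
    void drop(const std::string& n) { users.erase(n); }
    bool acquire(const std::string& n, User& out) const {
        auto it = users.find(n);
        if (it == users.end()) return false;
        out = it->second;  // caller gets a copy; the stored object is "released"
        return true;
    }
};

// Returns the role granted, or "" on failure. `window` runs between the
// credential check and the re-acquire, standing in for a concurrent admin.
std::string authenticate(UserStore& store, const std::string& name, const std::string& pw,
                         bool pinIdentity, const std::function<void()>& window) {
    User snap, again;
    if (!store.acquire(name, snap)) return "";   // load user, copy credentials
    if (snap.password != pw) return "";          // check against the copy
    window();                                    // race window
    if (!store.acquire(name, again)) return "";  // re-acquire by name only
    if (pinIdentity && again.id != snap.id) return "";  // hardened: same user object?
    return again.role;                           // added to authenticated users
}

// Constructed scenario: "alice" is dropped and recreated mid-authentication.
std::string runScenario(bool pinIdentity) {
    UserStore store;
    store.create("alice", "old-pw", "read");
    return authenticate(store, "alice", "old-pw", pinIdentity, [&store] {
        store.drop("alice");
        store.create("alice", "new-pw", "root");
    });
}

int main() {
    std::cout << "name-only re-acquire grants: '" << runScenario(false) << "'\n";
    std::cout << "identity-pinned re-acquire grants: '" << runScenario(true) << "'\n";
}
```

      With the name-only re-acquire, the old password yields the new user's role; comparing the re-acquired object's identity with the one whose credentials were checked makes the authentication fail instead.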

          People

            spencer.jackson@mongodb.com Spencer Jackson
            spencer@mongodb.com Spencer Brody (Inactive)