Details
Bug
Resolution: Done
Major - P3
Fully Compatible
ALL
Description
In authentication_commands.cpp we load a user object, copy its credentials, release it, check if the credentials match and if so re-acquire the user object and add it to our list of authenticated users.
There is an (unlikely to hit) race here where if a client begins an authentication as a user, and while doing so that user is dropped and a new user with the same name but a different password and different privileges is added, the client authenticating with the credentials of the first user could wind up authenticating successfully as the second user.
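The sequence described above, reduced to a deterministic toy model. This is an added example, not code from authentication_commands.cpp. `User`, `UserStore`, `authenticate`, the `between` hook and the `pinIdentity` flag are hypothetical names, and the identity check shown is one possible fix, not necessarily the one the project applied.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>

// Toy model with hypothetical names and constructed values; not the server's code.
struct User {
    unsigned long id;        // unique per created user, never reused
    std::string credential;  // stand-in for the stored credentials
    std::string role;
};
class UserStore {
    std::map<std::string, std::shared_ptr<const User>> users_;
    unsigned long nextId_ = 1;
public:
    void create(const std::string& name, const std::string& cred, const std::string& role) {
        users_[name] = std::make_shared<const User>(User{nextId_++, cred, role});
    }
    void drop(const std::string& name) { users_.erase(name); }
    std::shared_ptr<const User> acquire(const std::string& name) const {
        auto it = users_.find(name);
        if (it == users_.end()) return nullptr;
        return it->second;
    }
};

// Returns the role the session ends up with, or "" if authentication fails.
// `between` stands in for another thread running inside the race window.
// pinIdentity=false is the pattern in the description; true is one possible fix.
std::string authenticate(UserStore& store, const std::string& name, const std::string& presented,
                         const std::function<void()>& between, bool pinIdentity) {
    auto user = store.acquire(name);
    if (!user) return "";
    const unsigned long checkedId = user->id;
    const std::string cred = user->credential;   // copy credentials
    user.reset();                                // release the user object
    between();                                   // user may be dropped and re-created here
    if (cred != presented) return "";            // check against the copied credentials
    auto again = store.acquire(name);            // re-acquire by name only
    if (!again) return "";
    if (pinIdentity && again->id != checkedId) return "";  // a different user now: refuse
    return again->role;
}
```

With a `between` hook that drops the user and re-creates it under the same name, the unpinned path returns the new user's role for the old user's credentials, while the pinned path fails the attempt.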