Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3768

db.addUser() appears in shell history, with cleartext passwords

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.4, 2.1.1
    • Component/s: Security, Shell
    • Labels:
      None

      Description

      See below - I can retrieve my addUser lines with the up arrow.

      Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
      MongoDB shell version: 2.0.0-rc2-pre-
      connecting to: test
      > db.addUser( 'aaron', 'mypass' )

      { "n" : 0, "connectionId" : 2, "err" : null, "ok" : 1 }

      {
      "user" : "aaron",
      "readOnly" : false,
      "pwd" : "8c875bb39fcf051edc876c0ee71d5585",
      "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e")
      }
      > db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow
      {
      "updatedExisting" : true,
      "n" : 1,
      "connectionId" : 2,
      "err" : null,
      "ok" : 1
      }
      {
      "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"),
      "user" : "aaron",
      "readOnly" : false,
      "pwd" : "8c875bb39fcf051edc876c0ee71d5585"
      }
      >
      bye
      Aaron-Staples-MacBook-Pro:mongo aaron$ ./mongo
      MongoDB shell version: 2.0.0-rc2-pre-
      connecting to: test
      > db.addUser( 'aaron', 'mypass' ) <<<-------- Got this one by pressing up arrow
      {
      "updatedExisting" : true,
      "n" : 1,
      "connectionId" : 4,
      "err" : null,
      "ok" : 1
      }
      {
      "_id" : ObjectId("4e668f1dd04af0d2e2b8b83e"),
      "user" : "aaron",
      "readOnly" : false,
      "pwd" : "8c875bb39fcf051edc876c0ee71d5585"
      }
      >

        Attachments

          Activity

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: