[JAVA-2462] Unauthenticated LDAP user gaining db access Created: 07/Mar/17 Updated: 07/Mar/17 Resolved: 07/Mar/17 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Authentication |
| Affects Version/s: | 3.2.1 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mitchell Arnett | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
OSX 10.11.16, mongodb-driver (3.2.1), mongodb-driver-core (3.2.1), bson (3.2.1), java version "1.8.0_112", Java(TM) SE Runtime Environment (build 1.8.0_112-b16), Java HotSpot(TM) 64-Bit Server VM (build 25.112-b16, mixed mode) |
||
| Description |
|
While testing a program that instantiates a MongoClient instance for the user a came across the following: 1) the MongoClient does not perform any authentication when being created I want to check if provided credentials are valid before returning the MongoClient to the user, so I began testing to see what command would throw an exception if the credentials were incorrect. During one of my tests I observed the following: this MongoClient is being instantiated with a MongoClientURI which contains the username and password. The users are authenticated using LDAP. |
| Comments |
| Comment by Mitchell Arnett [ 07/Mar/17 ] |
|
this is an accidental duplicate of JAVA-2461 |