[SERVER-14614] Race condition in authentication could allow someone to authenticate as a different but same named user Created: 18/Jul/14  Updated: 12/Jul/17  Resolved: 19/Jun/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

In authentication_commands.cpp we load a user object, copy its credentials, release it, check if the credentials match and if so re-acquire the user object and add it to our list of authenticated users.

There is an (unlikely to hit) race here where if a client begins an authentication as a user, and while doing so that user is dropped and a new user with the same name but a different password and different privileges is added, the client authenticating with the credentials of the first user could wind up authenticating successfully as the second user.



 Comments   
Comment by Spencer Jackson [ 19/Jun/17 ]

Yes. The solution for SECURITY-445 was actually more comprehensive, as it prevented re-authorization of already authenticated users from encountering this same issue. I'm going to close this out as "Gone Away" with no further public comment, because SERVER-28190 was not backported to 3.4 or earlier.

Generated at Thu Feb 08 03:35:25 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.