[SERVER-3666] mongod --auth must disable __system access Created: 22/Aug/11  Updated: 11/Jul/16  Resolved: 23/Aug/11

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 1.9.2
Fix Version/s: 1.8.4, 2.0.0-rc0

Type: Bug Priority: Blocker - P1
Reporter: Kristina Chodorow (Inactive) Assignee: Kristina Chodorow (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Comments   
Comment by auto [ 23/Aug/11 ]

Author:

{u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'}

Message: only allow internal user with --keyFile option SERVER-3666
Branch: v1.8
https://github.com/mongodb/mongo/commit/bc8b2ef3cc55a18274920ededbba6e18e99626e4

Comment by Kristina Chodorow (Inactive) [ 23/Aug/11 ]

Credit: thanks to Frazer Lewis of NGS Secure, who discovered and informed us of this bug.

Comment by auto [ 23/Aug/11 ]

Author:

{u'login': u'kchodorow', u'name': u'Kristina', u'email': u'kristina@10gen.com'}

Message: don't allow access to internal user when running with --auth SERVER-3666
Branch: master
https://github.com/mongodb/mongo/commit/51493ee6425646f175718d8320f12550d8743f21

Generated at Thu Feb 08 03:03:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.