<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:57:17 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-2462] Unauthenticated LDAP user gaining db access</title>
                <link>https://jira.mongodb.org/browse/JAVA-2462</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;While testing a program that instantiates a MongoClient instance for the user I came across the following:&lt;/p&gt;

&lt;p&gt;1) the MongoClient does not perform any authentication when being created&lt;br/&gt;
2) authentication occurs when a command is being executed on the MongoClient&lt;/p&gt;

&lt;p&gt;I want to check if provided credentials are valid before returning the MongoClient to the user, so I began testing to see what command would throw an exception if the credentials were incorrect.&lt;/p&gt;

&lt;p&gt;During one of my tests I observed the following:&lt;br/&gt;
1) a MongoClient that was created with invalid credentials was capable of connecting to our db, listing out the collections, and listing out the documents within those collections.&lt;/p&gt;

&lt;p&gt;This MongoClient is being instantiated with a MongoClientURI which contains the username and password. The users are authenticated using LDAP.&lt;/p&gt;</description>
                <environment>OSX 10.11.16, mongodb-driver (3.2.1), mongodb-driver-core (3.2.1), bson (3.2.1), java version &amp;quot;1.8.0_112&amp;quot;, Java(TM) SE Runtime Environment (build 1.8.0_112-b16), Java HotSpot(TM) 64-Bit Server VM (build 25.112-b16, mixed mode)</environment>
        <key id="362113">JAVA-2462</key>
            <summary>Unauthenticated LDAP user gaining db access</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="marnett">Mitchell Arnett</reporter>
                        <labels>
                    </labels>
                <created>Tue, 7 Mar 2017 15:44:35 +0000</created>
                <updated>Tue, 7 Mar 2017 15:45:57 +0000</updated>
                            <resolved>Tue, 7 Mar 2017 15:45:57 +0000</resolved>
                                    <version>3.2.1</version>
                                                    <component>Authentication</component>
                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="1517843" author="marnett" created="Tue, 7 Mar 2017 15:45:15 +0000"  >&lt;p&gt;This is an accidental duplicate of JAVA-2461&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hswbj3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>