Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3773

It's possible to invoke certain admin operations remotely without authentication

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.0.0, 2.1.0
    • Affects Version/s: 1.9.0
    • Component/s: Security
    • None
    • ALL
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      It's possible to execute both db.shutdownServer() and rs.stepDown() without authenticating remotely even when authentication is enabled.

            Assignee:
            kristina Kristina Chodorow (Inactive)
            Reporter:
            vishy Vishy Karra (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:
              None
              None
              None
              None