It's possible to execute both db.shutdownServer() and rs.stepDown() without authenticating remotely even when authentication is enabled.
It's possible to invoke certain admin operations remotely without authentication
- Assignee:
- Kristina Chodorow (Inactive)
- Reporter:
- Vishy Karra
- Votes:
-
0 Vote for this issue
- Watchers:
-
4 Start watching this issue
- Created:
- Updated:
- Resolved: