Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.3.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2021-11-01, Security 2021-11-15, Security 2021-11-29, Security 2021-12-13, Security 2021-12-27, Security 2022-01-10
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured. This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.

related to

SERVER-62334 Regression following SERVER-46399

Closed

Assignee:: Adam Rayner
Reporter:: Sara Golemon (Inactive)
Participants:: Adam Rayner, Doug Tarr, Githook User, Sara Golemon, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 12 Start watching this issue

Created:: Feb 25 2020 08:20:55 PM UTC
Updated:: Nov 14 2023 08:10:37 PM UTC
Resolved:: Jan 08 2022 12:55:44 AM UTC
Confidence Status Last Update:: 30/Nov/21 1:04 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates