Posted to dev@zookeeper.apache.org by "Rakesh Kumar Singh (JIRA)" <ji...@apache.org> on 2016/09/14 13:39:20 UTC

[jira] [Created] (ZOOKEEPER-2582) When addauth is run twice for the same user but with different passwords, it adds 2 digests corresponding to both username/password pairs, and so we are able to access the znode with the user and any of these passwords, which does not seem to be correct

Rakesh Kumar Singh created ZOOKEEPER-2582:
---------------------------------------------

             Summary: When addauth is run twice for the same user but with different passwords, it adds 2 digests corresponding to both username/password pairs, and so we are able to access the znode with the user and any of these passwords, which does not seem to be correct
                 Key: ZOOKEEPER-2582
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2582
             Project: ZooKeeper
          Issue Type: Bug
          Components: server
    Affects Versions: 3.5.1
            Reporter: Rakesh Kumar Singh


When addauth is run twice for the same user but with different passwords, it adds 2 digests corresponding to both username/password pairs, and so we are able to access the znode with the user and any of these passwords, which does not seem to be correct.

Steps:-
[zk: localhost:2181(CONNECTED) 0] addauth digest user1:pass1
[zk: localhost:2181(CONNECTED) 1] addauth digest user1:pass

[zk: localhost:2181(CONNECTED) 9] create /user_test5 hello
Created /user_test5
[zk: localhost:2181(CONNECTED) 10] setAcl /user_test5 auth:user1:pass1:crdwa
[zk: localhost:2181(CONNECTED) 11] getAcl /user_test5
'digest,'user1:+7K83PhyQ3ijGj0ADmljf0quVwQ=
: cdrwa
'digest,'user1:UZIsvOKp29j8vAahJzjgpA1VTOk=
: cdrwa


Here we can see 2 entries for the same user (user1) with different passwords.

Now disconnect the client and connect again using zkCli.sh. After addauth digest user1:<any of the 2 passwords>, we are able to access the znode.

[zk: localhost:2181(CONNECTED) 0] get /user_test5
Authentication is not valid : /user_test5
[zk: localhost:2181(CONNECTED) 1] addauth digest user1:pass
[zk: localhost:2181(CONNECTED) 2] get /user_test5
hello

In the same way, it will allow n entries if we addauth for the same user with n passwords.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
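The behaviour described in the issue above, modelled in Python as an added example. This is not ZooKeeper's own code: the Session, Acl, fixup_acl and check_acl names are this example's own, chosen to mirror what the server does (DigestAuthenticationProvider stores an id as user:BASE64(SHA1("user:password")), a setAcl with the auth scheme is expanded into one digest ACL per identity the session has added with addauth, and a digest ACL matches only on exact equality of ids). The session contents and the "not-a-password" probe are constructed inputs.

```python
"""Model of how ZooKeeper handles digest ACLs, added here as an illustration.

This is not ZooKeeper's own code. It mirrors two pieces of server behaviour:
DigestAuthenticationProvider stores an id as user:BASE64(SHA1("user:password")),
and a setAcl with the "auth" scheme is expanded into one digest ACL for every
identity the session has added with addauth. Together these reproduce the
report: two addauth calls for user1 with different passwords give two ACL
entries, and a fresh session authenticating with either password is admitted.
"""
import base64
import hashlib
from dataclasses import dataclass, field

ALL_PERMS = "cdrwa"


def generate_digest(id_password: str) -> str:
    """'user:password' -> 'user:BASE64(SHA1(user:password))', as shown by getAcl."""
    user, _, _ = id_password.partition(":")
    sha = hashlib.sha1(id_password.encode("utf-8")).digest()
    return f"{user}:{base64.b64encode(sha).decode('ascii')}"


@dataclass(frozen=True)
class Acl:
    scheme: str
    id: str
    perms: str


@dataclass
class Session:
    """A client session. addauth appends an identity; it never replaces one."""
    auth_ids: list = field(default_factory=list)  # digest ids kept per session

    def addauth(self, scheme: str, id_password: str) -> None:
        if scheme != "digest":
            raise ValueError("only the digest scheme is modelled here")
        self.auth_ids.append(generate_digest(id_password))


def fixup_acl(session: Session, requested: list) -> list:
    """Expand every 'auth' ACL into one 'digest' ACL per identity on the session.

    The id written after 'auth:' in the setAcl command is ignored; only the
    permissions are kept, which is why 'auth:user1:pass1:crdwa' yields an entry
    for user1:pass as well.
    """
    out = []
    for acl in requested:
        if acl.scheme == "auth":
            out.extend(Acl("digest", ident, acl.perms) for ident in session.auth_ids)
        else:
            out.append(acl)
    return out


def check_acl(session: Session, acls: list, perm: str) -> bool:
    """A digest ACL matches only on exact equality with one of the session's ids."""
    return any(
        perm in acl.perms and acl.scheme == "digest" and acl.id in session.auth_ids
        for acl in acls
    )


def reproduce() -> tuple:
    """Replay the zkCli steps from the report on a constructed session.

    Returns the stored ACL list and, for each password tried from a fresh
    session, a (before_addauth, after_addauth) pair of read-permission results.
    """
    s1 = Session()
    s1.addauth("digest", "user1:pass1")
    s1.addauth("digest", "user1:pass")
    # setAcl /user_test5 auth:user1:pass1:crdwa
    stored = fixup_acl(s1, [Acl("auth", "user1:pass1", ALL_PERMS)])

    results = {}
    for password in ("pass1", "pass", "not-a-password"):  # constructed inputs
        fresh = Session()  # disconnect and reconnect with zkCli.sh
        before = check_acl(fresh, stored, "r")  # "Authentication is not valid"
        fresh.addauth("digest", f"user1:{password}")
        results[password] = (before, check_acl(fresh, stored, "r"))
    return stored, results


if __name__ == "__main__":
    stored, results = reproduce()
    for acl in stored:
        print(f"'{acl.scheme},'{acl.id}\n: {acl.perms}")
    for password, (before, after) in results.items():
        print(f"user1:{password}: before addauth={before}, after addauth={after}")
```

Run it directly to print the two stored entries in getAcl's layout and the per-password outcome. Two things the model makes visible: the stored id is a hash of the whole user:password string, so user1:pass1 and user1:pass are two distinct identities to the server, and the auth scheme copies every identity the session currently holds into the ACL rather than the one named in the command. The model does not decide whether the second addauth should have replaced the first; it only shows why both passwords are accepted once both identities were present when the ACL was set.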