This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

Root discovery disclosing the internal IP and port

ammylovetodie
Node

‎09-03-2021 06:01 AM

Hi All,

We have installed the neo4j community version 4.2.3.

Currently, We are facing security issue where when we are send a GET request on / context. we are getting the internal connection detail.

[root@localhost package]# curl -XGET https://localhost:31474/
{
"bolt_routing" : "neo4j://localhost:7687",
"transaction" : "https://localhost:31474/db/{databaseName}/tx",
"bolt_direct" : "bolt://localhost:7687",
"neo4j_version" : "4.2.3",
"neo4j_edition" : "community"
}[root@localhost package]#

is there any way to solve this issue we tried the dbms.security.auth_enabled=true it is working for all the context (e.g. /db etc) but not working for / context.
After enabling the properties still without passing usrename and password we are able to get the response on / context

Thanks
Amritpal Singh

Labels:
0 Kudos
Reply
1 REPLY 1

ammylovetodie
Node

‎09-23-2021 10:39 PM

Hello Team,

can you please help on this

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays