This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

Neo4j users authentication open for all users after upgrade from neo4j 3.5

vinitpayal
Node Link

‎02-07-2020 04:01 AM

We are using docker container to run our neo4j by mounting data and plugins folder, in plugins we are using only apoc which we have upgraded to apoc-4.0.0.2-all.jar and no issues in it.

Issue we were facing was of using old credentials which weren't working so had renamed auth and roles file to auth_1 and roles_1 and initialised passwords using neo4j-admin set-initial-password <password>.

After executing above command a file inside data/dbms/auth.ini got generated but after generation of this authentication doesn't work and any body can login using any user name & password combination.

Below is how dbms folder looks

2X_1_11ee8a7ff41fb5f70fd19dbd662aac4042e20460.png

Below is how show users query returns

2X_2_23a5df8d60df486cf31819d707319ebd357effb4.png

roles list query returns empty results as below

2X_9_98bd095066d10e6aa83ecbacf74fca1cf740383e.png

Now users listed in the query above were created using below

CREATE USER christian
SET PASSWORD '$password' CHANGE REQUIRED

Now unintended users able to login in the neo4j is very very dangerous as it contains very very sensitive data, any help here would be very very helpful.

0 Kudos
Reply
0 REPLIES 0
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays