Vinodh created SOLR-13463:
-----------------------------
Summary: Solr admin user credentials defined with -Dbasicauth
property during start is visible in admin UI to any user.
Key: SOLR-13463
URL: https://issues.apache.org/jira/browse/SOLR-13463
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Components: Admin UI
Affects Versions: 7.7.1
Environment: QA
Reporter: Vinodh
We have configured Solr basic authentication in our environment and used
Dbasicauth property to define username:password. Since these property will be
added to Solr startup, the Solr admin username & password details defined with
-Dbasicauth property are displayed in plain text format to all users who are
able to login into admin UI interface in JVM & Java properties sections. So
even a read user who has privileges to login admin UI can able to see admin
user username & password details.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
