Mike Adamson created CASSANDRA-7513: ---------------------------------------
Summary: Non-superuser users should not be able to list users Key: CASSANDRA-7513 URL: https://issues.apache.org/jira/browse/CASSANDRA-7513 Project: Cassandra Issue Type: Bug Components: Core Reporter: Mike Adamson Fix For: 2.0.10 ListUserStatement allows any logged in user to list all the users in the system. This is a security flaw as it allows non-superusers to get a list of superusers. There is no reason to allow non-superusers to get a list users because all the authentication functionality that manipulates users is only available to superusers. -- This message was sent by Atlassian JIRA (v6.2#6252)