Root discovery disclosing the internal IP and port

ammylovetodie · September 3, 2021, 1:01pm

Hi All,

We have installed the neo4j community version 4.2.3.

Currently, We are facing security issue where when we are send a GET request on / context. we are getting the internal connection detail.

[root@localhost package]# curl -XGET https://localhost:31474/
{
"bolt_routing" : "neo4j://localhost:7687",
"transaction" : "https://localhost:31474/db/{databaseName}/tx",
"bolt_direct" : "bolt://localhost:7687",
"neo4j_version" : "4.2.3",
"neo4j_edition" : "community"
}[root@localhost package]#

is there any way to solve this issue we tried the dbms.security.auth_enabled=true it is working for all the context (e.g. /db etc) but not working for / context.
After enabling the properties still without passing usrename and password we are able to get the response on / context

Thanks
Amritpal Singh

ammylovetodie · September 24, 2021, 5:39am

Hello Team,

can you please help on this

Topic		Replies	Views
Root discovery disclosing the internal IP and port of neo4j General	2	300	September 29, 2021
Port opening for a Neo4J server (Community Edition) Neo4j Graph Platform	0	225	January 17, 2022
Neo4j browser Issue Neo4j Graph Platform	4	561	March 3, 2021
Neo4j Protocol Connection Issue Integrations migrated	2	281	October 18, 2022
Start neo4j-4.1.2 server in IDEA, but browser can not access(404 error) Neo4j Graph Platform	1	424	January 31, 2021

Root discovery disclosing the internal IP and port

Currently, We are facing security issue where when we are send a GET request on / context. we are getting the internal connection detail.

Related topics