cancel
Showing results for 
Search instead for 
Did you mean: 

Neo4j users authentication open for all users after upgrade from neo4j 3.5

vinitpayal
Node Link

We are using docker container to run our neo4j by mounting data and plugins folder, in plugins we are using only apoc which we have upgraded to apoc-4.0.0.2-all.jar and no issues in it.

Issue we were facing was of using old credentials which weren't working so had renamed auth and roles file to auth_1 and roles_1 and initialised passwords using neo4j-admin set-initial-password <password>.

After executing above command a file inside data/dbms/auth.ini got generated but after generation of this authentication doesn't work and any body can login using any user name & password combination.

Below is how dbms folder looks

Below is how show users query returns

roles list query returns empty results as below

Now users listed in the query above were created using below

CREATE USER christian
SET PASSWORD '$password' CHANGE REQUIRED

Now unintended users able to login in the neo4j is very very dangerous as it contains very very sensitive data, any help here would be very very helpful.

0 REPLIES 0