We are using docker container to run our neo4j by mounting data and plugins folder, in plugins we are using only apoc which we have upgraded to apoc-188.8.131.52-all.jar and no issues in it.
Issue we were facing was of using old credentials which weren't working so had renamed auth and roles file to auth_1 and roles_1 and initialised passwords using neo4j-admin set-initial-password <password>.
After executing above command a file inside data/dbms/auth.ini got generated but after generation of this authentication doesn't work and any body can login using any user name & password combination.
Below is how dbms folder looks
Below is how show users query returns
roles list query returns empty results as below
Now users listed in the query above were created using below
CREATE USER christian
SET PASSWORD '$password' CHANGE REQUIRED
Now unintended users able to login in the neo4j is very very dangerous as it contains very very sensitive data, any help here would be very very helpful.