[CASSANDRA-18420] Connection without username not logged in auditlog - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: In Progress
Priority: Normal
Resolution: Unresolved
Fix Version/s: 4.0.x, 4.1.x, 5.x
Component/s: Tool/auditlogging
Labels:
None

Bug Category:
Correctness
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None

Description

Hi,
If making connection without username to cassandra cluster with PasswordAuthenticator enabled,
Connection will fail but not logged on auditlog.

How to reproduce:

Enable "authenticator: PasswordAuthenticator" on cluster
Enable audit : "nodetool enableauditlog"
Open a new screen and run "auditlogviewer -f <log_location>/audit/"

Try to connect, and connection will fail:

[root@c1 ~]# cqlsh
Connection error: ('Unable to connect to any servers', {'127.0.0.1:9042': AuthenticationFailed('Remote end requires authentication',)})

But nothing in auditlogviewer.

Connection with incorrect usernames or password logged correct on auditlog , the problem only on connection without username.

How it's affecting:

Security reason, hard to find unauthorized connections attempt .
When migrating cluster into PasswordAuthenticator, hard to find applications that didn't add username/password.

Thank you.

Attachments

Activity

People

Assignee:: Ningzi Zhan

Reporter:: Yakir Gibraltar

Authors:: Ningzi Zhan

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 03/Apr/23 11:58

Updated:: 06/May/23 12:09