Closed InfernalAzazel closed 2 months ago
If you believe you have found a vulnerability in a piece of open source software, the generally appropriate/accepted course of action is to attempt what is called "responsible disclosure" by which you find a way to disclose the (potential) vulnerability privately (as in, not on the public GitHub issue tracker) to the maintaining party. Most projects will have a generally accepted means of receiving reports of this kind in a private forum so that they can do a coordinated disclosure publicly, especially if it is something that affects a lot of users.
All that being said, I do not believe there is a vulnerability here -- what you've shown is that the database still accepts anonymous connections when authentication is enabled, which makes sense and is how this kind of has to work, since it has to have a way for a client to connect and attempt authentication (in other words, a client cannot "authenticate" without first connecting in some way). I believe that's what you're seeing.
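The distinction the comment above draws, between a service accepting a connection and a service letting an unauthenticated client do anything, is the thing a port scanner cannot see on its own. The following is an added example, not code from this issue or from the project under discussion: a constructed toy line-based server (hypothetical protocol, constructed password) that accepts every TCP connection but refuses every command other than `AUTH` until the client has authenticated, plus a probe that checks what an anonymous client can actually do rather than whether the port is open.

```python
"""Added example: "connection accepted" versus "unauthenticated client can act".

The server and its protocol are constructed for this example; they are not the
project's code or a real product's wire format.
"""
import socket
import threading

# Constructed credential for the toy server; not a default of any real product.
TOY_PASSWORD = "correct-horse"


def handle_client(conn):
    """Serve one client: the connection is always accepted, but privileged
    commands are refused until AUTH succeeds."""
    authenticated = False
    with conn:
        conn.sendall(b"TOYDB ready\n")  # banner sent to everyone, authed or not
        f = conn.makefile("rb")
        for raw in f:
            line = raw.decode("utf-8", "replace").strip()
            parts = line.split(" ", 1)
            cmd = parts[0].upper()
            arg = parts[1] if len(parts) > 1 else ""
            if cmd == "AUTH":
                authenticated = arg == TOY_PASSWORD
                conn.sendall(b"OK\n" if authenticated else b"ERR auth failed\n")
            elif cmd == "QUIT":
                conn.sendall(b"BYE\n")
                break
            elif not authenticated:
                # This is the point of the example: connected, but not allowed to act.
                conn.sendall(b"ERR authentication required\n")
            elif cmd == "GET":
                conn.sendall(b"OK secret-value\n")
            else:
                conn.sendall(b"ERR unknown command\n")


def start_toy_server():
    """Bind to an ephemeral loopback port and serve in a daemon thread.
    Returns (listening_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listening socket closed
                return
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe(port, password=None):
    """Connect, optionally authenticate, then attempt a privileged GET.
    Returns (connected_and_got_banner, reply_to_GET)."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        f = s.makefile("rb")
        banner = f.readline()  # a scanner typically stops here
        if password is not None:
            s.sendall(f"AUTH {password}\n".encode())
            f.readline()  # OK or ERR auth failed
        s.sendall(b"GET key\n")
        reply = f.readline().decode().strip()
        s.sendall(b"QUIT\n")
        return banner.startswith(b"TOYDB"), reply


def requires_auth(port):
    """The check a report should rest on: anonymous connections may succeed,
    but an anonymous privileged command must be refused and an authenticated
    one must succeed."""
    anon_connected, anon_reply = probe(port)
    _, authed_reply = probe(port, TOY_PASSWORD)
    return anon_connected and anon_reply.startswith("ERR") and authed_reply.startswith("OK")


if __name__ == "__main__":
    srv, port = start_toy_server()
    print("anonymous:", probe(port))
    print("authenticated:", probe(port, TOY_PASSWORD))
    print("requires auth:", requires_auth(port))
    srv.close()
```

Run it and the anonymous probe reports that the connection and banner succeeded while the `GET` is refused; that is exactly the situation the comment describes, and `requires_auth` returns `True` for it. A finding would only be justified if the anonymous `GET` came back with `OK`.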
server docker-compose.yml
Local testing
Vulnerability scanner classified as CVE-1999-0633