Can a malicious user connect as admin / admin?

I’m learning search-guard recently.

Is that possible?

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

This is like configuring a Linux system with a user root/root. Of course, if someone has access to a root/admin user because the attacker knows the password, you are screwed. The shipped demo configuration is what it says, a configuration you can use to quickly set up a PoC or for testing purposes. Of course you should never use it on any production system!

···

On Friday, September 7, 2018 at 9:36:11 PM UTC+2, garino wrote:

I’m learning search-guard recently.

Is that possible?

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
  • Installed and used enterprise modules, if any
  • JVM version and operating system version
  • Search Guard configuration files
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any