Details
-
Bug
-
Resolution: Won't Do
-
Major
-
Morpheus, 6.6.4, 7.0.3, 7.1.0
-
Triaged
-
1
-
Unknown
Description
Because the response on the first stage of SCRAM-SHA authentication is always 401. The second stage request built using headers from the first stage response is the one that should be audited.
We still should log 401 to the access log though.
As seen in CBSE-11753