Bug 2333072

Summary: RabbitMQ: a Fedora-specific patch allows for remote connections with default, well known administrative credentials
Product: Fedora
Reporter: Michael Klishin <michaelklishin>
Component: rabbitmq-server
Assignee: Richard W.M. Jones <rjones>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: rawhide
CC: lemenkov, rjones
Keywords: Security
Hardware: All
OS: Linux
URL: https://src.fedoraproject.org/rpms/rabbitmq-server/blob/rawhide/f/rabbitmq-server-0001-Allow-guest-login-from-non-loopback-connections.patch
Fixed In Version: rabbitmq-server-4.0.5-2.fc42
Last Closed: 2025-01-03 11:40:51 UTC

Description Michael Klishin 2024-12-18 19:44:49 UTC
I am a RabbitMQ core team member and a long time contributor.

By default, RabbitMQ seeds its internal database with a well-known (unless overridden) pair of credentials. Remote connections for such users are intentionally prohibited for obvious security reasons [1].

Fedora has been patching RabbitMQ to allow such connections [2] since 2014.

This has obvious security implications for installations that install RabbitMQ from the default Fedora repositories, and intentionally violates a recommended security practice [3].

On behalf of the RabbitMQ core team I'd recommend removing the patch. Overriding default user credentials to something Fedora-specific won't matter much; it is up to cluster operators to use a generated set of credentials.

This has some negative effects on the user experience for beginners, but this default restriction has been in place for some 15 years (if not longer), is widely known and documented in several RabbitMQ documentation guides.

It's high time that Fedora stops intentionally introducing a very unsafe default.

1. https://www.rabbitmq.com/docs/access-control#loopback-users
2. https://src.fedoraproject.org/rpms/rabbitmq-server/blob/rawhide/f/rabbitmq-server-0001-Allow-guest-login-from-non-loopback-connections.patch
3. https://www.rabbitmq.com/docs/production-checklist#users

Reproducible: Always

Steps to Reproduce:
1. dnf install rabbitmq-server
2. rabbitmq-diagnostics environment
3. see the value of the loopback_users key on a brand new node without any configuration customization


Expected Results:  
Fedora-packaged RabbitMQ is not patched with https://src.fedoraproject.org/rpms/rabbitmq-server/blob/rawhide/f/rabbitmq-server-0001-Allow-guest-login-from-non-loopback-connections.patch.

I intentionally set severity to Urgent because to me, this patch is a catastrophically bad decision.
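The reproduction steps above check the effective `loopback_users` value by hand. The following script automates that check so an operator can confirm on any node whether the default `guest` user is still confined to loopback connections. It is an added example, not code from the bug report, the Fedora package or the RabbitMQ project; it assumes that `rabbitmq-diagnostics environment` prints each setting as `key: <erlang term>` on its own line (the sample dumps below are constructed to match that assumed format and were not captured from a real node).

```shell
#!/bin/sh
# Added example (not from the bug report or from RabbitMQ): audit a node's
# effective loopback_users setting. RabbitMQ confines users listed in
# loopback_users to localhost connections; an empty list (or the atom
# `none`) lifts that restriction, which is what the Fedora patch produced.
#
# ASSUMPTION: `rabbitmq-diagnostics environment` prints one setting per
# line as an Erlang term, e.g.   loopback_users: [<<"guest">>]

# Reads an environment dump from stdin.
# Returns 0 when "guest" is still limited to loopback, 1 otherwise.
check_loopback_users() {
    line=$(grep -E '^[[:space:]]*loopback_users:' | head -n 1)
    case "$line" in
        '')
            # Key absent from the dump: cannot prove the restriction holds.
            echo "FINDING: loopback_users not found in environment dump" >&2
            return 1 ;;
        *'<<"guest">>'*)
            echo "ok: guest is limited to loopback connections"
            return 0 ;;
        *)
            # Covers both `loopback_users: []` and `loopback_users: none`.
            echo "FINDING: guest may log in from remote hosts ($line)" >&2
            return 1 ;;
    esac
}

# Constructed sample dumps (not captured from a real node).
SAFE_SAMPLE='default_vhost: <<"/">>
loopback_users: [<<"guest">>]
log_levels: [{connection,info}]'

PATCHED_SAMPLE='default_vhost: <<"/">>
loopback_users: []
log_levels: [{connection,info}]'

NONE_SAMPLE='default_vhost: <<"/">>
loopback_users: none
log_levels: [{connection,info}]'

# Intended use on an actual node (requires rabbitmq-diagnostics on PATH):
audit_live_node() {
    rabbitmq-diagnostics environment | check_loopback_users
}
```

A node that reports `loopback_users: []` on a fresh install with no local configuration is exactly the condition the reporter describes. The access-control guide linked as [1] documents the `loopback_users.guest` key in `rabbitmq.conf`; setting it to `true` explicitly pins the restriction so that it no longer depends on whatever default the package ships.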

Comment 1 Richard W.M. Jones 2025-01-02 14:54:42 UTC
*** Bug 2333073 has been marked as a duplicate of this bug. ***

Comment 2 Richard W.M. Jones 2025-01-02 15:05:05 UTC
Raised the topic on devel list to increase visibility:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/ZETIKNPWZIINJDTQ4FNY436CEMTMVXS3/

Comment 4 Fedora Update System 2025-01-03 11:35:50 UTC
FEDORA-2025-7c46ce9b7d (rabbitmq-server-4.0.5-2.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-7c46ce9b7d

Comment 5 Fedora Update System 2025-01-03 11:40:51 UTC
FEDORA-2025-7c46ce9b7d (rabbitmq-server-4.0.5-2.fc42) has been pushed to the Fedora 42 stable repository.
If the problem still persists, please make note of it in this bug report.