Bug 2333073

Summary: RabbitMQ: a Fedora-specific patch allows for remote connections with default, well known administrative credentials
Product: [Fedora] Fedora
Reporter: Michael Klishin <michaelklishin>
Component: rabbitmq-server
Assignee: Peter Lemenkov <lemenkov>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: rawhide
CC: lemenkov, rjones
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: https://src.fedoraproject.org/rpms/rabbitmq-server/blob/rawhide/f/rabbitmq-server-0001-Allow-guest-login-from-non-loopback-connections.patch
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2025-01-02 14:54:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Michael Klishin 2024-12-18 19:44:54 UTC
I am a RabbitMQ core team member and a long-time contributor.

By default, RabbitMQ seeds its internal database with a well known (unless overridden) pair of credentials. Remote connections for such users are intentionally prohibited for obvious security reasons [1].

Fedora has been patching RabbitMQ to allow such connections [2] since 2014.

This has obvious security implications for installations that install RabbitMQ from the default Fedora repositories, and intentionally violates a recommended security practice [3].

On behalf of the RabbitMQ core team I'd recommend removing the patch. Overriding default user credentials to something Fedora-specific won't matter much; it is up to cluster operators to use a generated set of credentials.

This has some negative effects on the user experience for beginners, but this default restriction has been in place for some 15 years (if not longer), is widely known and is documented in several RabbitMQ documentation guides.

It's high time that Fedora stops intentionally introducing a very unsafe default.

1. https://www.rabbitmq.com/docs/access-control#loopback-users
2. https://src.fedoraproject.org/rpms/rabbitmq-server/blob/rawhide/f/rabbitmq-server-0001-Allow-guest-login-from-non-loopback-connections.patch
3. https://www.rabbitmq.com/docs/production-checklist#users

Reproducible: Always

Steps to Reproduce:
1. dnf install rabbitmq-server
2. rabbitmq-diagnostics environment
3. see the value of the loopback_users key on a brand new node without any configuration customization


Expected Results:  
Fedora-packaged RabbitMQ is not patched with https://src.fedoraproject.org/rpms/rabbitmq-server/blob/rawhide/f/rabbitmq-server-0001-Allow-guest-login-from-non-loopback-connections.patch.

I intentionally set severity to Urgent because to me, this patch is a catastrophically bad decision.
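Added example, not part of the bug report or of the RabbitMQ project: a POSIX sh check that classifies the `loopback_users` value seen in step 3 of the reproduction (`rabbitmq-diagnostics environment`) and prints the `rabbitmq.conf` line that restores the upstream restriction. The environment dumps embedded below are constructed in the shape of that command's Erlang-term output, not captured from a real node.

```shell
#!/bin/sh
# Added example (not from the bug report or the RabbitMQ project): classify the
# `loopback_users` setting found in `rabbitmq-diagnostics environment` output.
# Upstream's default is [<<"guest">>]; the Fedora patch ships [] so `guest`
# may authenticate over non-loopback connections.

# Prints one word: restricted (guest is loopback-only), unrestricted
# (guest is absent from loopback_users), or unknown (key not in the dump).
guest_loopback_status() {
    dump=$1
    case "$dump" in
        *loopback_users*) ;;
        *) echo unknown; return 0 ;;
    esac
    # Strip whitespace so the Erlang term sits on one line, then extract the
    # list literal inside {loopback_users,[...]}.
    users=$(printf '%s' "$dump" | tr -d ' \t\n' \
            | sed -n 's/.*{loopback_users,\[\([^]]*\)\].*/\1/p')
    case "$users" in
        *'<<"guest">>'*) echo restricted ;;
        *) echo unrestricted ;;
    esac
}

# rabbitmq.conf line that restores the upstream behaviour on a node whose
# packaged default was changed (key from the access-control guide cited above).
remediation_line() {
    echo 'loopback_users.guest = true'
}

# Constructed fragments in the shape of `rabbitmq-diagnostics environment`
# output; they are not captured from a real node.
UPSTREAM_DEFAULT_DUMP='[{rabbit,[{loopback_users,[<<"guest">>]},
                        {tcp_listeners,[5672]}]}]'
FEDORA_PATCHED_DUMP='[{rabbit,[{loopback_users,[]},{tcp_listeners,[5672]}]}]'

for dump in "$UPSTREAM_DEFAULT_DUMP" "$FEDORA_PATCHED_DUMP"; do
    status=$(guest_loopback_status "$dump")
    echo "guest remote login: $status"
    if [ "$status" = unrestricted ]; then
        echo "  add to /etc/rabbitmq/rabbitmq.conf: $(remediation_line)"
    fi
done
```

On a live node the same check is `guest_loopback_status "$(rabbitmq-diagnostics environment)"`, run as a user permitted to reach the node's CLI.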

Comment 1 Richard W.M. Jones 2025-01-02 14:54:42 UTC

*** This bug has been marked as a duplicate of bug 2333072 ***