Description

RethinkDB is an open-source database that makes use of JSON documents with dynamic schemas for real-time data processing.

A new RethinkDB cluster always has one user named admin; this user always has all permissions at a global scope, and the user cannot be deleted. By default, the admin user has no password.

Remediation

Configure RethinkDB to listen only on the local interface and set a strong password for the admin user. You can change the password for the admin user by updating the admin user document, or by specifying the --initial-password command line option on startup.

References

Related Vulnerabilities