Hi all, please follow the official and well documented guidelines for submitting security related issues: https://docs.couchdb.org/en/stable/cve/index.html
Thanks Jan — Professional Support for Apache CouchDB: https://neighbourhood.ie/couchdb-support/ 24/7 Observation for your CouchDB Instances: https://opservatory.app > On 18. Apr 2022, at 13:25, ermouth <ermo...@gmail.com> wrote: > > One very popular Russian IT resource published a well written description > of a known Erlang cookie vulnerability – with a recipe on how to exploit it > to gain control over Couch. > > Looks like the CouchDB manual isn’t very verbose about that issue, the > only mention is a recommendation about protecting Erlang cookie if a user > has 4369 open. > > Shouldn’t that recommendation be emitted into the CouchDB installer? > > ermouth