Able to hit 4lw (added to whitelist) without authentication even when auth is enforced. Why authentication check not done here?
Do 4lw commands provide only insensitive metrics? I could not find any document stating 4lw commands does not return sensitive information. if it does return sensitive information why not do authentication checks while executing the commands? We have a setup which already has SASL authentication enforced. just to run 'stat' command should we enable TLS?
