---
id: a0b33672-6481-11ee-8c99-0242ac120002
---

# Identification of Nodes Using Default Cassandra User
---

This incident type refers to the identification of nodes in a Cassandra database that are using the default Cassandra user. This leaves the database vulnerable to security breaches, as the default user has wide-ranging access to the database. If this issue is not addressed, it can lead to data theft or unauthorized access to sensitive information. Proper configuration and management of user permissions is essential to mitigate this risk.

### Parameters
```shell
export CASSANDRA_CONNECTION_SCRIPT="PLACEHOLDER"

export CASSANDRA_LOGS="PLACEHOLDER"

export NEW_PASSWORD="PLACEHOLDER"

export NEW_USERNAME="PLACEHOLDER"
```

## Debug

### 1. Check if Cassandra is running
```shell
systemctl status cassandra
```

### 2. Check the Cassandra configuration file
```shell
cat /etc/cassandra/cassandra.yaml
```

### 3. Check if the default user is enabled
```shell
grep 'authenticator: AllowAllAuthenticator' /etc/cassandra/cassandra.yaml
```

### 4. Check if the default user is being used to connect to Cassandra
```shell
grep 'cassandra' ${CASSANDRA_CONNECTION_SCRIPT}
```

### 5. Check if any other users are being used to connect to Cassandra
```shell
grep 'username' ${CASSANDRA_CONNECTION_SCRIPT}
```

### 6. Check if any unauthorized access has been made to Cassandra
```shell
grep 'Authentication error' ${CASSANDRA_LOGS}
```

### 7. Check if any unauthorized access has been made to the system
```shell
grep 'Failed password' /var/log/auth.log
```

## Repair

### Change the default username and password of the Cassandra database to a unique, complex, and secure one.
```shell
bash

#!/bin/bash



# Define variables

NEW_USERNAME=${NEW_USERNAME}

NEW_PASSWORD=${NEW_PASSWORD}



# Stop Cassandra service

sudo systemctl stop cassandra



# Update cassandra.yaml configuration file

sudo sed -i "s/authenticator: org.apache.cassandra.auth.AllowAllAuthenticator/authenticator: org.apache.cassandra.auth.PasswordAuthenticator/" /etc/cassandra/cassandra.yaml



# Generate password hash

PASSWORD_HASH=$(echo -n $NEW_PASSWORD | md5sum | awk '{print $1}')



# Update cassandra-users.properties file

sudo bash -c "echo $NEW_USERNAME:$PASSWORD_HASH >> /etc/cassandra/cassandra-users.properties"



# Start Cassandra service

sudo systemctl start cassandra



# Verify Cassandra service is running

sudo systemctl status cassandra


```


This incident type refers to the identification of nodes in a Cassandra database that are using the default Cassandra user. This leaves the database vulnerable to security breaches, as the default user has wide-ranging access to the database. If this issue is not addressed, it can lead to data theft or unauthorized access to sensitive information. Proper configuration and management of user permissions is essential to mitigate this risk.


```shell
export CASSANDRA_CONNECTION_SCRIPT="PLACEHOLDER"

export CASSANDRA_LOGS="PLACEHOLDER"

export NEW_PASSWORD="PLACEHOLDER"

export NEW_USERNAME="PLACEHOLDER"
```


### 1. Check if Cassandra is running

```shell
systemctl status cassandra
```

### 2. Check the Cassandra configuration file

```shell
cat /etc/cassandra/cassandra.yaml
```

### 3. Check if the default user is enabled

```shell
grep 'authenticator: AllowAllAuthenticator' /etc/cassandra/cassandra.yaml
```

### 4. Check if the default user is being used to connect to Cassandra

```shell
grep 'cassandra' ${CASSANDRA_CONNECTION_SCRIPT}
```

### 5. Check if any other users are being used to connect to Cassandra

```shell
grep 'username' ${CASSANDRA_CONNECTION_SCRIPT}
```

### 6. Check if any unauthorized access has been made to Cassandra

```shell
grep 'Authentication error' ${CASSANDRA_LOGS}
```

### 7. Check if any unauthorized access has been made to the system

```shell
grep 'Failed password' /var/log/auth.log
```


### Change the default username and password of the Cassandra database to a unique, complex, and secure one.

```shell
bash

#!/bin/bash



# Define variables

NEW_USERNAME=${NEW_USERNAME}

NEW_PASSWORD=${NEW_PASSWORD}



# Stop Cassandra service

sudo systemctl stop cassandra



# Update cassandra.yaml configuration file

sudo sed -i "s/authenticator: org.apache.cassandra.auth.AllowAllAuthenticator/authenticator: org.apache.cassandra.auth.PasswordAuthenticator/" /etc/cassandra/cassandra.yaml



# Generate password hash

PASSWORD_HASH=$(echo -n $NEW_PASSWORD | md5sum | awk '{print $1}')



# Update cassandra-users.properties file

sudo bash -c "echo $NEW_USERNAME:$PASSWORD_HASH >> /etc/cassandra/cassandra-users.properties"



# Start Cassandra service

sudo systemctl start cassandra



# Verify Cassandra service is running

sudo systemctl status cassandra


```


Identification of Nodes Using Default Cassandra User

Overview

Parameters

Debug

1. Check if Cassandra is running

2. Check the Cassandra configuration file

3. Check if the default user is enabled

4. Check if the default user is being used to connect to Cassandra

5. Check if any other users are being used to connect to Cassandra

6. Check if any unauthorized access has been made to Cassandra

7. Check if any unauthorized access has been made to the system

Repair

Change the default username and password of the Cassandra database to a unique, complex, and secure one.

Learn more

Related Runbooks

Support