RabbitMQ's non-SSL management port (15672) listens on all interfaces

Description

After installation, RabbitMQ makes its management GUI available on port 15672, non-SSL-protected and bound to all local interfaces (0.0.0.0).

It should only listen on localhost and also be SSL-protected.
Or it should just be disabled by default.
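
An added example, not part of the original report or of the product's code: a small audit of a RabbitMQ configuration for the two conditions described above (plain HTTP management listener on all interfaces, no TLS listener). It assumes the new-style `rabbitmq.conf` key/value format and that, with no `management.*` listener keys set, the plugin serves plain HTTP on port 15672 on all interfaces; the sample configurations and certificate paths are constructed.

```python
WILDCARDS = {"0.0.0.0", "::", "*"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_management(text):
    """Return findings for the management listener settings in conf text."""
    conf = parse_conf(text)
    findings = []
    has_tls = "management.ssl.port" in conf
    has_tcp = any(k.startswith("management.tcp.") for k in conf)
    # Assumption: without any management listener keys the default applies,
    # i.e. plain HTTP on 15672 bound to all interfaces.
    if has_tcp or not has_tls:
        ip = conf.get("management.tcp.ip")
        port = conf.get("management.tcp.port", "15672")
        if ip is None or ip in WILDCARDS:
            findings.append(f"plain HTTP listener on port {port} bound to all interfaces")
        elif ip not in LOOPBACK:
            findings.append(f"plain HTTP listener on port {port} reachable at {ip}")
    if not has_tls:
        findings.append("no TLS listener configured (management.ssl.port missing)")
    return findings

# Constructed sample: nothing set for the management plugin (post-install state).
DEFAULT_CONF = """
listeners.tcp.default = 5672
"""

# Constructed sample: plain listener on loopback only, plus a TLS listener.
HARDENED_CONF = """
management.tcp.ip   = 127.0.0.1
management.tcp.port = 15672
management.ssl.port       = 15671
management.ssl.cacertfile = /path/to/ca_certificate.pem   # placeholder path
management.ssl.certfile   = /path/to/server_certificate.pem
management.ssl.keyfile    = /path/to/server_key.pem
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_management(text) or "OK")
```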

Why Propose Close?

None

Activity

Guy Offer
February 12, 2018, 9:34 AM

Not for 4.3

Fixed

Assignee

Uri Wygodny

Reporter

Isaac Shabtay

Labels

Severity

High

Target Version

4.4

Premium Only

yes

Found In Version

4.3

QA Owner

None

Bug Type

legacy bug

Customer Encountered

None

Customer Name

None

Release Notes

None

Priority

None

Epic Link

Sprint

None

Priority

Unprioritized