Recently, the security team found that the MongoDB databases of some Alibaba Cloud users are exposed to unauthorized access. This vulnerability is serious and can easily lead to a database leak. To keep your business and applications secure, fix it as soon as possible.
The details are as follows:
1. Hazards
When the MongoDB service is started without any additional parameters, it performs no permission checks by default: any client that connects to the default port can run any operation on the database without a password, including from remote hosts.
2. Vulnerability causes
When MongoDB is installed, it creates an admin database by default, but at that point the admin database is empty and records no permission information. As long as admin.system.users contains no user, no authentication is required and any operation can be performed, whether or not mongod was started with the --auth parameter. Authentication is only enforced once a user has been added to admin.system.users. This is the core of the hardening: MongoDB authentication takes effect only after a user is added to admin.system.users.
3. Vulnerability hardening solution (for reference only)
Method 1:
Change the listening port and bind the service to a specific IP address.
Set these according to your actual situation, or restrict access directly in the server firewall.
Method 2:
Add a user to admin.system.users so that authentication takes effect.
# Create a user in the admin database. The example user is supper with password sup (example values only).
[mongodb@rac3 bin]$ ./mongo 127.0.0.1:27017
MongoDB shell version: 2.0.1
connecting to: 127.0.0.1:27017/test
> use admin
switched to db admin
>
> db.addUser("supper", "sup")
{ "n" : 0, "connectionId" : 4, "err" : null, "ok" : 1 }
{
"user" : "supper",
"readOnly" : false,
"pwd" : "51a481f72b8b8218df9fee50b3737c44",
"_id" : ObjectId("4f2bc0d357a309043c6947a4")
}
> db.auth("supper", "sup")
1
> exit
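As an added example (not part of the advisory), the following Python check reads a legacy ini-style mongod.conf of the MongoDB 2.x era and reports whether Method 1 (bind_ip and port) and the --auth side of Method 2 are applied. Both sample configurations are constructed; the check cannot see admin.system.users, so for an auth-enabled config it only reminds you of that final step.

```python
"""Audit a legacy MongoDB 2.x mongod.conf (key = value lines) for the
settings this advisory relies on: network exposure and authentication."""

# Constructed sample: stock configuration, nothing restricted.
WEAK_CONF = """
dbpath = /var/lib/mongodb
logpath = /var/log/mongodb/mongod.log
bind_ip = 0.0.0.0
port = 27017
"""

# Constructed sample: Method 1 applied and --auth enabled.
HARDENED_CONF = """
dbpath = /var/lib/mongodb
logpath = /var/log/mongodb/mongod.log
bind_ip = 127.0.0.1   # only local clients
port = 28018          # non-default port
auth = true           # equivalent to starting mongod with --auth
"""


def parse_mongod_conf(text):
    """Parse `key = value` lines; blank lines and # comments are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key] = value
    return conf


def audit_mongod_conf(text):
    """Return findings as 'kind: message' strings, one per weak setting."""
    conf = parse_mongod_conf(text)
    findings = []
    # In 2.x an absent bind_ip means mongod listens on every interface.
    if conf.get("bind_ip", "0.0.0.0") in ("0.0.0.0", "::", ""):
        findings.append("bind_ip: listens on all interfaces (Method 1: bind to a specific IP)")
    if conf.get("port", "27017") == "27017":
        findings.append("port: default 27017 in use (Method 1: change it or firewall it)")
    auth_on = conf.get("auth", "false").lower() == "true"
    if not auth_on or conf.get("noauth", "false").lower() == "true":
        findings.append("auth: not enabled, any client can run any operation (Method 2)")
    else:
        findings.append("note: auth is enabled but only takes effect once a user exists "
                        "in admin.system.users; verify with db.system.users.count()")
    return findings
```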