Forum Discussion

wazir's avatar
wazir
Icon for Altostratus rankAltostratus
Jul 05, 2019

MongoDB Service Without Authentication Detection

DescriptionMongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without any authentication. A remote attacker can therefore connect to the database system in order to create, read, update, and delete documents, collections, and databases.

 

Enable authentication or restrict access to the MongoDB service.

 

What are the steps for the above vulnerabilty on linux server to enable authentication or restrict access to the MongoDB service?

 

 

  • Hi wazir,

     

    If I am understanding the description correctly then the attacker would need access to the database itself. I believe that this would mean your F5 device should be safe as long as the attacker can't login to the device. I would recommend that you simply ensure that access to the device is secure. The following article should hopefully be useful.

     

    K13092: Overview of securing access to the BIG-IP system

    https://support.f5.com/csp/article/K13092

     

    -Nathan F