{"id":23698,"date":"2015-07-28T16:03:17","date_gmt":"2015-07-28T10:33:17","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=23698"},"modified":"2015-12-14T12:13:12","modified_gmt":"2015-12-14T06:43:12","slug":"is-your-mongodb-publicly-accessible","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/is-your-mongodb-publicly-accessible\/","title":{"rendered":"Is your MongoDB publicly accessible?"},"content":{"rendered":"

MongoDB is a NoSQL database that delivers a performance oriented, highly available and scalable database system. Recently, a large number of MongoDB instances<\/a> were found to be publicly accessible over the Internet. A large amount of data was leaked due to the fact that these instances were running an outdated and unpatched version of MongoDB. It is much of a misconfiguration than a vulnerability. This raises a serious question: “Is your MongoDB publicly accessible?”<\/strong><\/p>\n

What is this issue about?<\/span><\/h3>\n

In 2012, this issue was first reported. It made a database server vulnerable if they were not properly configured. The default installation of MongoDB did not have a \u2018bind_ip 127.0.0.1\u2019 option set in the mongodb.conf file. The best practice proposed was to control the database access to allow access from least possible sources. Although, this issue is being resolved in 2.6.0 version of MongoDb. The configuration file “mongod.conf”(which is located in \/etc directory) has the net.bindIp address set to 127.0.0.1.
\n\"Mongo_bind\"<\/p>\n

Significance of bindIp<\/span><\/h3>\n

It is the IP address that MongoDB binds to listen for connections from different applications. We can attach MongoDB to a different interface as well. To bind MongoDB to multiple IP addresses, we have to enter a list of comma separated values.<\/p>\n

Origin of vulnerability<\/span><\/h3>\n

There are instances, such that the application which uses MongoDB probably has an authentication mechanism, but the database itself doesn’t have any authentication. Also, it is found in many cases, the database and the application using the database are present on different servers.The system adminstrator may have removed the \u201cbind_ip\u201d flag, in order to allow all network connections to the MongoDB database. This allows access from all untrusted network and if encryption of transmission and access control are not implemented properly, the database becomes publicly exposed.<\/p>\n

Possible detection<\/span><\/h3>\n