According to researchers at the German Center for IT-Security, Privacy and Accountability (CISPA), a less experienced administrator setting up a MongoDB web server may forget to apply important security measures. "This leads to a completely open and vulnerable database that anyone can approach and, even worse, can manipulate."
By default, MongoDB listens on TCP port 27017. An attacker would only need to perform a port scan to find databases; this would take only a few hours, or could be done through a search engine such as Shodan. During their first port scan, the researchers discovered 39,890 open MongoDB databases. The researchers note that the figure may be inaccurate.
Many larger providers blocked the port scan, so there may be many more open MongoDB databases online. On the other hand, some databases may be intentionally left open and vulnerable, for example as a honeypot. In their report (pdf), the researchers give several recommendations for securing databases. In an update, they emphasize that the problem is not with MongoDB itself but with the administrators who configure the software insecurely.
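To make the misconfiguration concrete, here are two mongod.conf fragments in MongoDB's YAML configuration format. This is an added illustration, not text from the article or from the CISPA report: the first fragment reflects the exposed state the article describes, the second applies the usual hardening (bind to the local interface and enable access control). The address values are assumptions for the example.

```yaml
# Added example (not from the article or the CISPA report): two mongod.conf
# fragments. The first mirrors the exposed state the article describes, the
# second the hardened configuration an administrator should apply.
---
# Exposed: accepts connections on every interface on the default port and has
# no 'security' section, so any client that can reach port 27017 can read and
# write the data without credentials.
net:
  port: 27017
  bindIp: 0.0.0.0
---
# Hardened: listen only on the loopback interface (or a private address plus
# firewall rules if application servers connect from other hosts) and require
# every client to authenticate.
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled   # create the first admin user before enabling this,
                           # otherwise you lock yourself out
```

A quick self-check after restarting mongod is to connect from another host: with the hardened configuration the connection is refused or, if a private address is bound, an unauthenticated client can no longer list or modify collections.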