MongoDB Password List Vulnerability

漏洞类别:Database

漏洞等级:

漏洞信息

MongoDB is an open source database project, which is available for a number of operating systems, including Microsoft Windows and Linux.

We have obtained a list of MongoDB users along with their passwords and/or password hashes. This includes local as well as remote users. The list was obtained because the MongoDB database has at least one default user with no or a weak password.

漏洞危害

Exploitation of this vulnerability allows a remote attacker to connect to the database. Consequently, the attacker can access sensitive information, and can launch denial of service attacks through the destruction of data.

解决方案

Administrators should disable the default account or supply a strong password.

Leave a Reply