  • Summary: MongoDB is a document-oriented database. This detector finds MongoDB credentials that are passed as arguments when calling its CLIs. These are often found in shell history files or Dockerfiles.
  • IP allowlist: This can be implemented directly on the server running Mongo.
  • Scopes: MongoDB employs role-based access control to govern access to the system. Various roles can be assigned to users. Read this documentation for more details.

Revoke the secret

User permissions can be managed by database administrators. Users with appropriate privileges can also change their own passwords. Read this documentation on changing passwords for more details.

Check for suspicious activity

Database access logs can be stored and audited on the server side to investigate suspicious activities.

Details for Mongo cli

  • Category: Data storage

  • Company: None

  • High Recall: True

  • Validity Check: True

  • Minimum Number of Matches: 3

  • Occurrences found for one million commits: 1.12

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
- css
- html
- lock
- md
- storyboard
- xib
banlist_filenames: []
check_binaries: false
- type: ContentWhitelistPreValidator
- mongo


- text: mongodb --user randomman --password w@ri0rors0methIn@G03 --host
  username: randomman
  password: w@ri0rors0methIn@G03
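
The sketch below shows how the two pre-validators and a match on a line like the sample above can fit together when scanning shell history or Dockerfile content. It is an added example, not GitGuardian's detector code: the function names, the tool-name pattern, the flag list and the rule for skipping variable references are assumptions, and `SAMPLE` is constructed.

```python
import os
import re
import shlex

# Extensions listed under FilenameBanlistPreValidator on this page.
BANNED_EXTENSIONS = {"css", "html", "lock", "md", "storyboard", "xib"}
# Assumed tool names; "mongodb" is the command used in the page's sample line.
MONGO_TOOL = re.compile(r"^mongo(db|sh|dump|restore|export|import)?$")
# Assumed flag spellings; "--user" is taken from the page's sample line.
FLAGS = {"--user": "username", "--username": "username", "-u": "username",
         "--password": "password", "-p": "password", "--host": "host"}
# Constructed Dockerfile content; the credentials are made up.
SAMPLE = ("FROM mongo:6\n"
          "RUN mongodump --host db.internal -u backup -p 'Constructed#Pw1'\n")

def prevalidate(filename, content):
    """Apply both pre-validators: extension banlist, then 'mongo' in content."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext not in BANNED_EXTENSIONS and "mongo" in content

def parse_invocation(line):
    """Return fields of a line hard-coding a username and password, or None."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes: not a parsable command line
        return None
    # Skip prefixes such as RUN or sudo and find the tool name itself.
    start = next((i for i, t in enumerate(tokens)
                  if MONGO_TOOL.match(os.path.basename(t))), None)
    if start is None:
        return None
    found, args = {}, tokens[start + 1:]
    for i, tok in enumerate(args):
        flag, eq, value = tok.partition("=")
        if flag not in FLAGS:
            continue
        if not eq:  # value is the next token, unless that is another flag
            value = args[i + 1] if i + 1 < len(args) else ""
            value = "" if value.startswith("-") else value
        if value and not value.startswith("$"):  # ignore variable references
            found[FLAGS[flag]] = value
    return found if {"username", "password"} <= found.keys() else None

def scan(filename, content):
    """Return [(line_number, fields)] for credential-bearing invocations."""
    if not prevalidate(filename, content):
        return []
    parsed = ((n, parse_invocation(l)) for n, l in enumerate(content.splitlines(), 1))
    return [(n, f) for n, f in parsed if f]
```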