Skip to main content
__wf_reserved_inherit

MongoDB Credentials

Description

General

  • Documentation: https://docs.mongodb.com/manual/reference/connection-string/

  • Summary: MongoDB is a document-oriented database. This detector aims at finding MongoDB credentials in the form of URI connection strings, variable assignments or used when calling its CLIs.

  • IPs allowlist: This can be implemented directly on the server running Mongo.

  • Scopes: MongoDB employs role-based access control to govern access to the system. Various roles can be attributed to users. Read this documentation for more details.

Revoke the secret

User's permissions can be managed by database administrators. Users with appropriate privileges can also change their own passwords. Read this documentation on changing passwords for more details.

Check for suspicious activity

Database access logs can be stored and audited on the server side to investigate suspicious activities.

Details for Mongo assignment

  • Family: Database

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 5.07

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mongo

Examples

- text: |
    docker run --name mongo -d -p 8080:8080
    DB_HOST=mongo.com
    DB_PORT=5434
    DB_username=root
    DB_password=m42ploz2wd
    DB_NAME=paul
  host: mongo.com
  port: '5434'
  username: root
  password: m42ploz2wd
  database: paul

- text: |
    docker run --name mongo -d -p 8080:8080
    DB-HOST=mongo.com
    DB-PORT=5434
    DB-username=root
    DB-password=m42ploz2wd
    DB-NAME=paul
  host: mongo.com
  port: '5434'
  username: root
  password: m42ploz2wd
  database: paul

- text: |-
    +spring.data.mongodb.username=root
    +spring.data.mongodb.password=m42ploz2wd

    +spring.data.mongodb.database=mydb
    +spring.data.mongodb.port=27017
    +spring.data.mongodb.host=some_host.mongodb.net
  host: some_host.mongodb.net
  port: '27017'
  username: root
  password: m42ploz2wd
  database: mydb

Details for Mongo cli

  • Family: Database

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 1.12

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - mongo

Examples

- text: mongodb --user randomman --password w@ri0rors0methIn@G03 --host mongodb.mywebsite.com
  username: randomman
  password: w@ri0rors0methIn@G03
  host: mongodb.mywebsite.com

Details for Mongo uri

  • Family: Database

  • Category: Data storage

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 8

  • Occurrences found for one million commits: 912.32

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - mongo

Examples

- text: |
    CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd
  scheme: mongodb
  connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift
  database: thegift

- text: |
    const MongoClient = require('mongodb').MongoClient;
    const uri = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority";
    const client = new MongoClient(uri, { useNewUrlParser: true });
    client.connect(err => {
      const collection = client.db("test").collection("devices");
      // perform actions on the collection object
      client.close();
    });
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    client = mongoc_client_new ("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");
    db = mongoc_client_get_database (client, "test");
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    #include <mongocxx/client.hpp>
    ##include <mongocxx/instance.hpp>
    //...
    mongocxx::instance inst;
    mongocxx::client conn{mongocxx::uri{"mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"}}
    mongocxx::database db = conn["test"];
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    var client = new MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");
    var database = client.GetDatabase("test");
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    MongoClientURI uri = new MongoClientURI(
    "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");
    MongoClient mongoClient = new MongoClient(uri);
    MongoDatabase database = mongoClient.getDatabase("test");
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    my $client = MongoDB->connect('mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority');
    my $db = $client->get_database( 'test' );
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    $client = new MongoDB\Client(
    'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority');
    $db = $client->test;
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    client = pymongo.MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority")
    db = client.test
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    val uri: String = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"
    System.setProperty("org.mongodb.async.type", "netty")
    val client: MongoClient = MongoClient(uri)
    val db: MongoDatabase = client.getDatabase("test")
  host: gg-is-awesome-xm273.mongodb.net
  username: testuser
  password: hub24aoeu
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    val uri: String = "mongodb+srv://myuser:" + urllib.quote('realp@ssword') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"
  host: gg-is-awesome-xm273.mongodb.net
  username: myuser
  password: '" + urllib.quote(''realp@ssword'') + "'
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://myuser:" + urllib.quote(''realp@ssword'') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    val uri: String = "mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"
  host: gg-is-awesome-xm273.mongodb.net
  username: myuser
  password: '${encodeURI(realp@ssword)}'
  scheme: mongodb+srv
  connection_uri: 'mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
  query: 'retryWrites=true&w=majority'
  database: test

- text: |
    mongodb://localhost:27017" || mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq
  host: ds153494.mlab.com
  username: heroku_cwf2cqqq
  password: 8vpi8pekalrvhlae96mahc4qqq
  scheme: mongodb
  port: '53494'
  connection_uri: 'mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq'
  database: heroku_cwf2cqqq

- text: |
    mongodb://admin:truepwd695++@120.79.10.159:27017
  host: 120.79.10.159
  username: admin
  password: truepwd695++
  scheme: mongodb
  port: '27017'
  connection_uri: 'mongodb://admin:truepwd695++@120.79.10.159:27017'

# Test for collisions between mongo uri and microsoft_azure_storage
- text: |
    Azure context
    mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017
  host: 120.79.10.159
  username: admin
  password: ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==
  scheme: mongodb
  port: '27017'
  connection_uri: 'mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017'

# Test detection in md files
- text: |
    CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: '5434'
  username: root
  password: m42ploz2wd
  scheme: mongodb
  connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift
  database: thegift
__wf_reserved_inherit__wf_reserved_inherit

Something we didn’t cover?

__wf_reserved_inherit

See our Roadmap

__wf_reserved_inherit

Subscribe on GitHub

__wf_reserved_inherit

Submit a request

__wf_reserved_inherit

API status