All Posts

1 post

How to Check for Unprotected MongoDB Databases

Recently three students from University of Saarland in Germany discovered that the MongoDB databases running on several thousand commercial web servers allow remote attackers to easily access and manipulate the database from the Internet. According to their research, it is not uncommon for MongoDB databases to be configured to accept any connection from the Internet.

In this blog I will discuss how unauthorized access works and how to check if your MongoDB is exposed. Qualys Vulnerability Management has released QID 19965 to check for the same.

Continue reading …