2020-07-14 01:33 PM
In our organisation we got one VAPT comment that "Mongo DB credentials not set". Normally, whenever the team has logged in to mongo, they have used the format below:
# mongo admin -u deploy_admin -p password
But after getting the VAPT comment, I just tried to log in with the below:
# mongo admin
and was able to log in, so I would like to know what the default behavior should be. Should it act like that?
Also found this: 000037015 - How to reset deploy_admin password for mongo DB in RSA NetWitness Platform 11.x
As per this doc, should we check out step 5, or can there be another reason behind it?
2020-07-14 01:56 PM
It could be because authentication is disabled, but the question I have for you is: can you do anything on login? In my case, I can do the same as you, but because I didn't authenticate by any means, I cannot complete any of the common database operations I would expect to, or I get nothing for any query I may run.
[root@NWAdmin ~]# mongo admin
MongoDB shell version v4.0.13
connecting to: mongodb://127.0.0.1:27017/admin?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("328c47b0-2baf-4060-859c-178315e16b8b") }
MongoDB server version: 4.0.13
> show collections
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
> show dbs
> db.system.users.find().pretty()
Error: error: {
"ok" : 0,
"errmsg" : "command find requires authentication",
"code" : 13,
"codeName" : "Unauthorized"
}
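The check this reply does by hand, written as an added example (not part of the thread and not RSA's code): it classifies the replies to commands sent without credentials, where code 13 "Unauthorized" means access control is enforced and an ok: 1 reply means the finding stands. The function names, the sample replies other than the find error shown above, and the use of the legacy mongo shell (where a failed command returns a document instead of throwing) are assumptions.

```javascript
// Added example: decide from server replies whether access control is enforced.
const UNAUTHORIZED = 13; // error code shown in the thread's shell output

// Classify one reply to a command that was sent WITHOUT credentials.
function classifyReply(reply) {
  if (reply && reply.ok === 1) return "open"; // data served with no login
  if (reply && reply.ok === 0 && reply.code === UNAUTHORIZED) return "enforced";
  return "inconclusive"; // any other error: investigate by hand
}

// Combine several probes: a single "open" reply means the finding stands.
function triage(replies) {
  const verdicts = Object.keys(replies).map((name) => ({
    probe: name,
    verdict: classifyReply(replies[name]),
  }));
  let overall = "inconclusive";
  if (verdicts.some((v) => v.verdict === "open")) {
    overall = "auth-not-enforced";
  } else if (verdicts.length > 0 && verdicts.every((v) => v.verdict === "enforced")) {
    overall = "auth-enforced";
  }
  return { overall, verdicts };
}

// Sample replies. The find error is the one shown in the thread; the rest are constructed.
const SAMPLE_ENFORCED = {
  find: { ok: 0, errmsg: "command find requires authentication", code: 13, codeName: "Unauthorized" },
  listDatabases: { ok: 0, code: 13, codeName: "Unauthorized" },
};
const SAMPLE_OPEN = {
  find: { ok: 1, cursor: { firstBatch: [], id: 0, ns: "admin.system.users" } },
  listDatabases: { ok: 1, databases: [{ name: "admin" }] },
};

// Inside the legacy mongo shell the global `db` exists, so probe the live server.
if (typeof db !== "undefined") {
  const admin = db.getSiblingDB("admin");
  print(JSON.stringify(triage({
    find: admin.runCommand({ find: "system.users", limit: 1 }),
    listDatabases: admin.runCommand({ listDatabases: 1 }),
  })));
}
```

Saved to a file and loaded with load() in an unauthenticated "mongo admin" session, it prints the verdict for the local server; outside the shell it only defines the functions.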
2020-07-14 02:24 PM
Note that this is an "implicit session". If you look at the mongo documentation, this is just the mongo shell running, not connected to any db. You have no privs to anything. You can run some mongo shell commands (I use this in some of my scripts to do some calculations that are built into the mongo shell at times), but there is no db access unless you log in.
You get the same thing just by running:
mongo
2020-07-15 11:55 AM
Yes, checked it and got the same: able to enter the shell but unable to run anything on the database.
Thanks for the help, have a good one!!
2020-07-15 11:56 AM
Thanks for the detailed explanation, got what I was looking for.
Have a good one!!