Database passwords stored in cleartext in repl history

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • No version
    • Affects Version/s: 2.1.5
    • Component/s: None
    • None
    • Environment:
      OS: MacOS Sonoma 14.3.1
      node.js / npm versions: 20.11.0 / 10.3.0
      Additional info: I brew installed mongodb-community 7.0
    • Not Needed
    • Developer Tools

      • Problem Statement/Rationale

      My passwords are being stored in 

      ~/.mongodb/mongosh/mongosh_repl_history

       

      Please be sure to attach relevant logs with any sensitive data redacted.
      How to retrieve logs for: Compass; Shell

      See attached logs

      Steps to Reproduce

      Run the following:

      mongosh
use admin;
db.auth("myusername", "mypassword");
exit
cat ~/.mongodb/mongosh/mongosh_repl_history

      Expected Results

      I expect to NOT see my password I just tried to auth with stored in ~/.mongodb/mongosh/mongosh_repl_history

      Actual Results

      I see my password I just tried to auth with stored in ~/.mongodb/mongosh/mongosh_repl_history

      Additional Notes

      When I run the following I see that redactHistory is set to remove:

      mongosh
config.get('redactHistory')
remove // output

       

        1. mongosh_logs-2024-03-01-mk.log
          8 kB

              Assignee:
              Unassigned
              Reporter:
              Michaux Kelley
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: