ISSUE SUMMARY
Version 2.6.0 does not correctly redact the following startup options passed into mongod: the PEMKeyPassword, clusterPassword and Windows servicePassword. If these credentials are provided in the config file, they may be disclosed in the log file and via the getCmdLineOpts command. If the credentials are provided as command line options to mongod, the clusterPassword may additionally be disclosed via the system's process table.

USER IMPACT
Potential security risk as users with local access may be able to get access to credentials inappropriately.

WORKAROUNDS
As a work-around, we recommend to follow these security guidelines:

• make the log file readable only by the database user
• use a config file to pass the options to avoid the process listing
• limit access to the admin database appropriately
• (only if the HTTP interface is enabled, which is off by default) restrict access to HTTP interface appropriately

RESOLUTION
The patch correctly redacts the credentials.

AFFECTED VERSIONS
Version 2.6.0 was affected by this bug.

PATCHES
The patch is included in the 2.6.1 production release.