Version 2.6.0 does not correctly redact the following startup options passed into mongod: the PEMKeyPassword, clusterPassword and Windows servicePassword. If these credentials are provided in the config file, they may be disclosed in the log file and via the getCmdLineOpts command. If the credentials are provided as command line options to mongod, the clusterPassword may additionally be disclosed via the system's process table.
Potential security risk as users with local access may be able to get access to credentials inappropriately.
As a work-around, we recommend to follow these security guidelines:
- make the log file readable only by the database user
- use a config file to pass the options to avoid the process listing
- limit access to the admin database appropriately
- (only if the HTTP interface is enabled, which is off by default) restrict access to HTTP interface appropriately
The patch correctly redacts the credentials.
Version 2.6.0 was affected by this bug.
The patch is included in the 2.6.1 production release.