[SERVER-17516] Add audit log messages for using incorrect auth mechanisms. - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major - P3
Resolution: Unresolved
Affects Version/s: 3.0.0
Fix Version/s: features we're not sure of
Component/s: Security
Labels:
- former-quick-wins

Assigned Teams:

Security

Description

We should investigate whether we want to log to the audit log when a user attempts to authenticate with a nonexistent auth mechanism, for example:

> db.auth({user:"amalia", pwd:"123456", mechanism:"fake"});

This currently does not log to the audit log, and we may wish to change that behavior.

Attachments

Issue Links

is related to

SERVER-17507 MongoDB3 enterprise AuditLog

Closed

Activity

People

Assignee:: Backlog - Security Team

Reporter:: Amalia Hawkins

Participants:: Amalia Hawkins, Backlog - Security Team

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: Mar 09 2015 07:16:58 PM UTC

Updated:: Dec 06 2022 04:55:00 AM UTC