Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: features we're not sure of
Affects Version/s: 3.0.0
Component/s: Security
Labels:
- former-quick-wins

Assigned Teams:

Server Security
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

We should investigate whether we want to log to the audit log when a user attempts to authenticate with a nonexistent auth mechanism, for example:

> db.auth({user:"amalia", pwd:"123456", mechanism:"fake"});

This currently does not log to the audit log, and we may wish to change that behavior.

is related to

SERVER-17507 MongoDB3 enterprise AuditLog

Closed

Assignee:: [DO NOT USE] Backlog - Security Team
Reporter:: Amalia Hawkins (Inactive)
Participants:: [DO NOT USE] Backlog - Security Team, Amalia Hawkins
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Mar 09 2015 07:16:58 PM UTC
Updated:: Dec 06 2022 04:55:00 AM UTC