Details
-
Bug
-
Status: Closed
-
Major - P3
-
Resolution: Fixed
-
3.2.10, 3.4.0
-
Minor Change
-
ALL
-
-
Platforms 2017-06-19
Description
When an user tries to brute force access the mongo database it does not show the ip address of the incoming connection attempt.
I only get the following two lines of log:
2017-01-06T00:57:05.883+0000 I ACCESS [conn6110] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user rafa@admin
2017-01-06T00:57:06.253+0000 I ACCESS [conn6110] authenticate db: admin
When the user exists but the password is wrong, I get the following line of log:
2017-01-05T23:38:55.782+0000 I ACCESS [conn624] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in the user document
I've found that this issue SERVER-16452was to resolve this problem.
I've seen this problem with both versions that I marked.
Attachments
Issue Links
- is related to
-
SERVER-16452 Failed login attempts should log source IP address
-
- Closed
-