Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.2.0
Affects Version/s: 4.2.15, 4.4.8, 5.0.2
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:

Hide

This issue reproduces on MongoDB Enterprise 4.2.15, 4.4.8, and 5.0.2.

To reproduce, start a standalone mongod with audit enabled, connect with the legacy mongo shell without authenticating, and attempt to run (for example) db.foo.findOne(). Then check the audit log, you should see an entry similar to the above. The command field should contain "find", not "Error".

Show
This issue reproduces on MongoDB Enterprise 4.2.15, 4.4.8, and 5.0.2. To reproduce, start a standalone mongod with audit enabled, connect with the legacy mongo shell without authenticating, and attempt to run (for example) db.foo.findOne(). Then check the audit log, you should see an entry similar to the above. The command field should contain "find", not "Error".
Sprint:
Security 2021-11-01

When an unauthenticated user attempts a command that requires authentication, an authcheck record may be generated in the audit log. The record looks like this:

{ "atype" : "authCheck", "ts" : { "$date" : "2021-08-26T07:47:14.112-05:00" }, "uuid" : { "$binary" : "puZTT2N5RYWlDirvcy9Blw==", "$type" : "04" }, "local" : { "ip" : "127.0.2.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 39250 }, "users" : [], "roles" : [], "param" : { "command" : "Error", "ns" : "admin" }, "result" : 13 }

Note the param.command field is "Error" rather than the actual command.

Assignee:: Erwin Pe

Reporter:: Spencer Brown

Participants:: Erwin Pe, Githook User, Spencer Brown

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: Aug 26 2021 12:58:42 PM UTC

Updated:: Oct 29 2023 09:49:11 PM UTC

Resolved:: Oct 28 2021 07:55:38 PM UTC

Details

Description

Attachments

Activity

People

Dates