ObjectId 5-byte Random Value Not Working

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Works as Designed
    • Priority: Major - P3
    • None
    • Affects Version/s: 4.4.8
    • Component/s: None
    • ALL
    • Hide

       

      I just wrote a small script to test this thing. And its showing that 5 - Bytes Random value is not working

      // Execute the following script
var objIds = []; 
for(var i = 0; i < 10; i++)
{ 
    objIds.push(ObjectId()); 
} 
print(objIds);
// Below given are the results I am getting.
[ 
    ObjectId("615303d56d62103cd0bbe35f"), 
    ObjectId("615303d56d62103cd0bbe360"), 
    ObjectId("615303d56d62103cd0bbe361"), 
    ObjectId("615303d56d62103cd0bbe362"), 
    ObjectId("615303d56d62103cd0bbe363"), 
    ObjectId("615303d56d62103cd0bbe364"), 
    ObjectId("615303d56d62103cd0bbe365"), 
    ObjectId("615303d56d62103cd0bbe366"), 
    ObjectId("615303d56d62103cd0bbe367"), 
    ObjectId("615303d56d62103cd0bbe368")
]

       

       

       

      Show
        I just wrote a small script to test this thing. And its showing that 5 - Bytes Random value is not working // Execute the following script var objIds = []; for ( var i = 0; i < 10; i++) { objIds.push(ObjectId()); } print(objIds); // Below given are the results I am getting. [ ObjectId( "615303d56d62103cd0bbe35f" ), ObjectId( "615303d56d62103cd0bbe360" ), ObjectId( "615303d56d62103cd0bbe361" ), ObjectId( "615303d56d62103cd0bbe362" ), ObjectId( "615303d56d62103cd0bbe363" ), ObjectId( "615303d56d62103cd0bbe364" ), ObjectId( "615303d56d62103cd0bbe365" ), ObjectId( "615303d56d62103cd0bbe366" ), ObjectId( "615303d56d62103cd0bbe367" ), ObjectId( "615303d56d62103cd0bbe368" ) ]      
    • Execution Team 2021-10-04
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      As per MongoDB Docs ObjectId consists of the following,

      1. a 4-byte timestamp value, representing the ObjectId's creation, measured in seconds since the Unix epoch
      2. a 5-byte random value
      3. a 3-byte incrementing counter, initialized to a random value

      I observed in production that ObjectIds which are being generated are following a sequential pattern that is easy to guess or predict and is a security threat in terms of data security.

      As per my investigation, MongoDB ObjectId is not honoring point 2 mentioned in documentation as highlighted in red

              Assignee:
              Louis Williams
              Reporter:
              Abdul Moiz Baig
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: