mongodump/mongorestore shows clear password in the process list

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Critical - P2
    • None
    • Affects Version/s: 3.0.6
    • Component/s: mongodump
    • None
    • Platforms 2017-03-27

      In 2.6, when you execute a mongodump/mongorestore with auth info, the password will not be displayed when you issue a "ps -ef" command to list the running process.

      See attachment mongodump-output-2.6

      In 3.0.6/3.2, however, the password will be displayed when doing "ps -ef" command.

      See attachment mongodump-output-3.0

      This would allow other users to be able to learn the mongodb password.

        1. mongodump-output-2.6.jpg
          mongodump-output-2.6.jpg
          7 kB
        2. mongodump-output-3.0.jpg.png
          mongodump-output-3.0.jpg.png
          53 kB

            Assignee:
            Gabriel Russell (Inactive)
            Reporter:
            Jianfa Tang (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: