Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-2319

URI logging leaks credentials

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.2.0, 4.3.1
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None

      The URI logger prints the unredacted URI, leaking usernames/passwords. This should be updated to redact them out.

      e.g.

      ~/mongo $  ./mongodb-4.2.0-rc0/bin/mongofiles --uri "mongodb://kayadmin:abc123@localhost:27017/test?authSource=admin" get_id 'ObjectId("5d07eaa7c974cded5bdad227")'
2019-06-17T16:28:21.730-0400	connected to: mongodb://kayadmin:abc123@localhost:27017/test?authSource=admin
2019-06-17T16:28:21.733-0400	finished writing to dochub.keys.json

            Assignee:
            david.golden@mongodb.com David Golden
            Reporter:
            patrick.freed@mongodb.com Patrick Freed
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: