[SERVER-13644] Sensitive credentials in startup options are not redacted and may be exposed Created: 17/Apr/14  Updated: 07/Jun/17  Resolved: 18/Apr/14

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: 2.6.0
Fix Version/s: 2.6.1, 2.7.0

Type: Bug Priority: Critical - P2
Reporter: Andreas Nilsson Assignee: Shaun Verch
Resolution: Done Votes: 0
Labels: asp, asp-cve, asp-sdl-internal, asp-vuln-secretsleak
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL

Description
Issue Status as of April 22, 2014

ISSUE SUMMARY
Version 2.6.0 does not correctly redact the following startup options passed into mongod: the PEMKeyPassword, clusterPassword and Windows servicePassword. If these credentials are provided in the config file, they may be disclosed in the log file and via the getCmdLineOpts command. If the credentials are provided as command line options to mongod, the clusterPassword may additionally be disclosed via the system's process table.

USER IMPACT
Potential security risk: users with local access may be able to obtain these credentials inappropriately.

WORKAROUNDS
As a workaround, we recommend following these security guidelines:

  • make the log file readable only by the database user
  • pass the options via a config file rather than the command line, so they do not appear in the process listing
  • limit access to the admin database appropriately
  • (only if the HTTP interface is enabled, which is off by default) restrict access to the HTTP interface appropriately

RESOLUTION
The patch correctly redacts the credentials.

AFFECTED VERSIONS
Version 2.6.0 was affected by this bug.

PATCHES
The patch is included in the 2.6.1 production release.
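An added example, not MongoDB's own code, of the redaction step the fix needs: parsed options and the echoed argv pass through a redaction function before anything is logged or returned in a getCmdLineOpts-style reply. The flat dotted-key map, the `<password>` marker and the suffix rule are assumptions; the rule deliberately generalizes beyond the three named options to any option whose leaf name ends in "password".

```cpp
#include <cctype>
#include <map>
#include <string>
#include <vector>
using Options = std::map<std::string, std::string>;  // parsed options as flat dotted keys (assumed layout)
static const std::string kRedacted = "<password>";
// "net.ssl.PEMKeyPassword" -> "PEMKeyPassword", "--clusterPassword" -> "clusterPassword".
static std::string leafName(const std::string& key) {
    std::string k = key.rfind("--", 0) == 0 ? key.substr(2) : key;
    auto dot = k.rfind('.');
    return dot == std::string::npos ? k : k.substr(dot + 1);
}
// Any leaf name ending in "password" (case-insensitive) is a credential: this covers
// PEMKeyPassword, clusterPassword and servicePassword, whatever prefix the flag carries.
static bool isSensitiveName(const std::string& name) {
    static const std::string suffix = "password";
    if (name.size() < suffix.size()) return false;
    std::string tail = name.substr(name.size() - suffix.size());
    for (char& c : tail) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return tail == suffix;
}
// Copy of the parsed options with every credential value replaced; log output and
// getCmdLineOpts-style replies must be produced from this copy, never from the original.
Options redactOptions(const Options& opts) {
    Options out;
    for (const auto& kv : opts)
        out[kv.first] = isSensitiveName(leafName(kv.first)) ? kRedacted : kv.second;
    return out;
}
// Copy of argv with credential values replaced, for both "--flag=secret" and "--flag secret".
// This only protects the echoed command line; the live process table still shows the real
// argv, which is why the workaround above prefers a config file.
std::vector<std::string> redactArgv(const std::vector<std::string>& argv) {
    std::vector<std::string> out;
    for (size_t i = 0; i < argv.size(); ++i) {
        const std::string& arg = argv[i];
        auto eq = arg.find('=');
        std::string flag = eq == std::string::npos ? arg : arg.substr(0, eq);
        if (arg.rfind("--", 0) != 0 || !isSensitiveName(leafName(flag))) {
            out.push_back(arg);
        } else if (eq != std::string::npos) {
            out.push_back(flag + "=" + kRedacted);
        } else {
            out.push_back(flag);
            if (i + 1 < argv.size()) { out.push_back(kRedacted); ++i; }
        }
    }
    return out;
}
```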



Comments
Comment by Githook User [ 18/Apr/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: SERVER-13644 Fix command line censorship
(cherry picked from commit b1d30046c769ed625faf301c8b62186c4aeee86e)
Branch: v2.6
https://github.com/mongodb/mongo/commit/52faaa32ef9226cf6583e82d97caa40c46dade80

Comment by Githook User [ 18/Apr/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: SERVER-13644 Fix command line censorship
Branch: master
https://github.com/mongodb/mongo/commit/b1d30046c769ed625faf301c8b62186c4aeee86e

Comment by Githook User [ 17/Apr/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: Revert "SERVER-13644 Fix command line censorship"

This reverts commit 44da20890f6af02ba766ca14991bbb072395a7ef.
(cherry picked from commit 65213714da82cf43ba5f54d34d1c6a2923d4a0bf)
Branch: v2.6
https://github.com/mongodb/mongo/commit/e83de252bac4f30b7a02bc08c6bc2e14c0f187bb

Comment by Githook User [ 17/Apr/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: Revert "SERVER-13644 Fix command line censorship"

This reverts commit 44da20890f6af02ba766ca14991bbb072395a7ef.
Branch: master
https://github.com/mongodb/mongo/commit/65213714da82cf43ba5f54d34d1c6a2923d4a0bf

Comment by Githook User [ 17/Apr/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: SERVER-13644 Fix command line censorship
(cherry picked from commit 44da20890f6af02ba766ca14991bbb072395a7ef)
Branch: v2.6
https://github.com/mongodb/mongo/commit/791fcf4495b08bd8c108f3275ba4e489b4928537

Comment by Githook User [ 17/Apr/14 ]

Author: Shaun Verch <shaun.verch@mongodb.com>

Message: SERVER-13644 Fix command line censorship
Branch: master
https://github.com/mongodb/mongo/commit/44da20890f6af02ba766ca14991bbb072395a7ef

Generated at Thu Feb 08 03:32:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.