[SERVER-17516] Add audit log messages for using incorrect auth mechanisms. Created: 09/Mar/15  Updated: 06/Dec/22

Status: Open
Project: Core Server
Component/s: Security
Affects Version/s: 3.0.0
Fix Version/s: features we're not sure of

Type: Improvement Priority: Major - P3
Reporter: Amalia Hawkins Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: former-quick-wins
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-17507 MongoDB3 enterprise AuditLog Closed
Assigned Teams:
Server Security
Participants:

 Description   

We should investigate whether we want to log to the audit log when a user attempts to authenticate with a nonexistent auth mechanism, for example:

> db.auth({user:"amalia", pwd:"123456", mechanism:"fake"});

This currently does not log to the audit log, and we may wish to change that behavior.


Generated at Thu Feb 08 03:44:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.