[SERVER-27595] Client IP address not shown
Created: 06/Jan/17  Updated: 06/Apr/23  Resolved: 09/Jun/17

Status: Closed
Project: Core Server
Component/s: Logging
Affects Version/s: 3.2.10, 3.4.0
Fix Version/s: 3.5.9

Type: Bug
Priority: Major - P3
Reporter: Bruno Santos
Assignee: Sara Golemon
Resolution: Done
Votes: 2
Labels: neweng, platforms-interns-2017
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-16452 Failed login attempts should log sour... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Steps To Reproduce:

Try to log in with a nonexistent user

Sprint: Platforms 2017-06-19
Participants:

 Description   

When a user tries to brute-force access to the mongo database, it does not show the IP address of the incoming connection attempt.

I only get the following two lines of log:

2017-01-06T00:57:05.883+0000 I ACCESS [conn6110] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user rafa@admin
2017-01-06T00:57:06.253+0000 I ACCESS [conn6110] authenticate db: admin { authenticate: 1.0, user: "rafa", nonce: "xxx", key: "xxx" }

When the user exists but the password is wrong, I get the following line of log:

2017-01-05T23:38:55.782+0000 I ACCESS [conn624] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in the user document

I've found that this issue SERVER-16452 was to resolve this problem.

I've seen this problem with both versions that I marked.



 Comments   
Comment by Sara Golemon [ 09/Jun/17 ]

MONGODB-CR authentication failure message changed to add " from client 1.2.3.4" to output

Comment by Githook User [ 09/Jun/17 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-27595 Add client IP address to authentication failure message
Branch: master
https://github.com/mongodb/mongo/commit/57838919a21acd61fcc679581999b092c91ef62e

Comment by Sara Golemon [ 09/Jun/17 ]

Green: https://evergreen.mongodb.com/version/593ac2d22fbabe47ac001330#/0
LGTM: https://mongodbcr.appspot.com/136280001/#msg4

Landing...

Comment by Kelsey Schubert [ 06/Jan/17 ]

Hi brunohms,

Thanks for reporting this behavior, we've confirmed that the client's IP is not logged on failed attempts with the MONGODB-CR authentication mechanism, and I'm marking this ticket to be scheduled. Please continue to watch for updates.

As you've likely seen, the current workaround is described by Andy on SERVER-16452. Alternatively, you could consider upgrading to SCRAM-SHA-1.

Kind regards,
Thomas

Comment by Bruno Santos [ 06/Jan/17 ]

Another issue related to this subject is SERVER-22054
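
Added example, not part of the ticket or of MongoDB's code: one way to attribute failed MONGODB-CR logins to a client address from mongod logs, using the " from client" text where the fix has added it and otherwise falling back to the connection id. The "connection accepted from" line format, the position of " from client" within the message, and the function name are assumptions; all sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample log, modeled on the lines quoted in this ticket. The
# "connection accepted" line and the placement of " from client" are
# assumptions; addresses are documentation-range values.
SAMPLE_LOG = """\
2017-01-06T00:57:01.100+0000 I NETWORK [initandlisten] connection accepted from 203.0.113.7:51544 #6110 (3 connections now open)
2017-01-06T00:57:05.883+0000 I ACCESS [conn6110] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user rafa@admin
2017-01-06T00:57:06.253+0000 I ACCESS [conn6110] authenticate db: admin { authenticate: 1.0, user: "rafa", nonce: "xxx", key: "xxx" }
2017-01-06T00:57:07.001+0000 I ACCESS [conn6110] Failed to authenticate root@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user root@admin
2017-06-10T10:00:00.000+0000 I ACCESS [conn12] Failed to authenticate rafa@admin from client 198.51.100.9 with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user rafa@admin
2017-06-10T10:00:01.000+0000 I ACCESS [conn99] Failed to authenticate bob@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user bob@admin
"""

# Address (port dropped) and connection number from the accept line.
ACCEPTED = re.compile(r"connection accepted from (\S+?)(?::\d+)? #(\d+)\b")
# Connection id and user@db from a failed-authentication line.
FAILED = re.compile(r"\[conn(\d+)\] Failed to authenticate (\S+)")
# Address added to the failure message by the fix (port dropped if present).
FROM_CLIENT = re.compile(r" from client (\S+?)(?::\d+)?(?=\s|$)")


def failed_auth_by_client(log_text):
    """Count failed authentications per client address.

    Prefers the address in the failure line itself; otherwise uses the
    address logged when that connection id was accepted. Failures that
    cannot be attributed either way are counted under "unknown".
    """
    conn_addr = {}
    counts = Counter()
    for line in log_text.splitlines():
        accepted = ACCEPTED.search(line)
        if accepted:
            # Connection numbers restart with the server, so keep the latest.
            conn_addr[accepted.group(2)] = accepted.group(1)
            continue
        failed = FAILED.search(line)
        if not failed:
            continue
        client = FROM_CLIENT.search(line)
        addr = client.group(1) if client else conn_addr.get(failed.group(1), "unknown")
        counts[addr] += 1
    return counts


if __name__ == "__main__":
    for addr, n in failed_auth_by_client(SAMPLE_LOG).most_common():
        print(addr, n)
```

A growing "unknown" count means the accept line for that connection was rotated out of the log or was never written there, so those failures need the older log files to be attributed.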

Generated at Thu Feb 08 04:15:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.