[SERVER-59604] Audit log authcheck record has incorrect command for unauthenticated user Created: 26/Aug/21 Updated: 29/Oct/23 Resolved: 28/Oct/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.2.15, 4.4.8, 5.0.2 |
| Fix Version/s: | 5.2.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brown | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Steps To Reproduce: | This issue reproduces on MongoDB Enterprise 4.2.15, 4.4.8, and 5.0.2. To reproduce, start a standalone mongod with audit enabled, connect with the legacy mongo shell without authenticating, and attempt to run (for example) db.foo.findOne(). Then check the audit log, you should see an entry similar to the above. The command field should contain "find", not "Error". |
||||
| Sprint: | Security 2021-11-01 | ||||
| Participants: | |||||
| Description |
|
When an unauthenticated user attempts a command that requires authentication, an authcheck record may be generated in the audit log. The record looks like this:
Note the param.command field is "Error" rather than the actual command. |
| Comments |
| Comment by Githook User [ 28/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: |