[SERVER-83575] I have enabled authentication and still can connect without username and password to MongoDB Created: 26/Nov/23  Updated: 13/Dec/23  Resolved: 13/Dec/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Gabor Horovitz Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OS: ubuntu 22.04
Using MongoDB: 7.0.3
Using Mongosh: 2.1.0


Participants:

 Description   

Problem Statement/Rationale

I have enabled authentication and still can connect without username and password to MongoDB

Please be sure to attach relevant logs with any sensitive data redacted.

{
  "t": { "$date": "2023-11-26T10:39:15.483+00:00" },
  "s": "I",
  "c": "CONTROL",
  "id": 21951,
  "ctx": "initandlisten",
  "msg": "Options set by command line",
  "attr": {
    "options": {
      "config": "/etc/mongod.conf",
      "net": {
        "bindIp": "*",
        "ipv6": false,
        "port": 27017,
        "tls": { "certificateKeyFile": "/etc/ssl/mongodb.pem", "mode": "requireTLS" }
      },
      "processManagement": {
        "fork": false,
        "pidFilePath": "/var/lib/mongodb/mongodb.pid"
      },
      "security": { "authorization": "enabled" },
      "setParameter": { "enableLocalhostAuthBypass": "false" },
      "storage": { "dbPath": "/var/lib/mongodb", "directoryPerDB": false },
      "systemLog": {
        "destination": "file",
        "logAppend": true,
        "logRotate": "reopen",
        "path": "/var/log/mongodb/mongod.log",
        "quiet": false,
        "verbosity": 0
      }
    }
  }
}

Steps to Reproduce

Configure mongod service to use authorization using the following config, then restart mongod service. 

 

# set parameter options
setParameter:
  enableLocalhostAuthBypass: false

# security options
security:
  authorization: enabled
  #keyFile: replace_me


Expected Results

I expect it to be impossible to connect without a username and password.

Actual Results

I observe that it is possible to connect without a username and password by simply executing the $mongosh command.

Additional Notes

Any additional information that may be useful to include.
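
An added example, not part of the ticket and not MongoDB's own tooling: a Python check that reads the startup entry shown in the log above (id 21951, "Options set by command line") and reports which access-control options mongod actually loaded. The function names, the wording of the findings and the sample lines are constructed for illustration.

```python
import json

# Constructed sample: the ticket's startup entry reduced to the relevant fields,
# followed by one deliberately malformed line.
SAMPLE_LOG = "\n".join([
    json.dumps({"t": {"$date": "2023-11-26T10:39:15.483+00:00"}, "s": "I",
                "c": "CONTROL", "id": 21951, "ctx": "initandlisten",
                "msg": "Options set by command line",
                "attr": {"options": {
                    "config": "/etc/mongod.conf",
                    "net": {"bindIp": "*", "port": 27017,
                            "tls": {"certificateKeyFile": "/etc/ssl/mongodb.pem",
                                    "mode": "requireTLS"}},
                    "security": {"authorization": "enabled"},
                    "setParameter": {"enableLocalhostAuthBypass": "false"}}}}),
    "not json: truncated line",
])

def effective_options(log_text):
    """Return the options from the last id 21951 entry, or None if absent."""
    found = None
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if isinstance(entry, dict) and entry.get("id") == 21951:
            found = entry.get("attr", {}).get("options", {})
    return found

def audit(options):
    """List access-control findings for one effective-options dict."""
    findings = []
    sec, net = options.get("security", {}), options.get("net", {})
    # A keyFile implies authorization, so either setting counts as enabled.
    if sec.get("authorization") != "enabled" and "keyFile" not in sec:
        findings.append("authorization is not enabled")
    # The bypass defaults to on; the log may carry the value as a string.
    params = options.get("setParameter", {})
    if str(params.get("enableLocalhostAuthBypass", "true")).lower() not in ("false", "0"):
        findings.append("localhost auth bypass is not disabled")
    binds = [a.strip() for a in str(net.get("bindIp", "127.0.0.1")).split(",")]
    if net.get("bindIpAll") or any(a in ("*", "0.0.0.0", "::") for a in binds):
        findings.append("listening on all interfaces (bindIp=%s)" % ",".join(binds))
    if net.get("tls", {}).get("mode") != "requireTLS":
        findings.append("TLS is not required")
    return findings

if __name__ == "__main__":
    opts = effective_options(SAMPLE_LOG)
    print(audit(opts) if opts is not None else "no startup options entry found")
```

The audit confirms what mongod loaded, not what a client can do. mongod accepts a connection before any authentication takes place and applies access control to the commands issued on it, so the enforcement check is a command that needs privileges (for example `listDatabases`) run without credentials.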



 Comments   
Comment by Eric Sedor [ 13/Dec/23 ]

For this issue we'd like to encourage you to start by asking our community for help by posting on the MongoDB Developer Community Forums.

If the discussion there leads you to suspect a bug in the MongoDB server, then we'd want to investigate it as a possible bug here in the SERVER project.

Sincerely,

Eric

Comment by PM Bot [ 26/Nov/23 ]

Hello gabor.horovitz@gmail.com, thank you for reaching out to us! The team will review your issue and get back to you as soon as possible.

Please review your issue to ensure you've included your environment details and have attached relevant logs (with any sensitive data redacted), so that we're best able to provide you a timely and thorough response. Thanks again!

Generated at Thu Feb 08 06:52:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.