Uploaded image for project: 'MongoDB Shell'
  1. MongoDB Shell
  2. MONGOSH-1729

Database passwords stored in cleartext in repl history

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • No version
    • Affects Version/s: 2.1.5
    • Component/s: None
    • None
    • Environment:
      OS: MacOS Sonoma 14.3.1
      node.js / npm versions: 20.11.0 / 10.3.0
      Additional info: I brew installed mongodb-community 7.0
    • Developer Tools
    • Not Needed

      • Problem Statement/Rationale

      My passwords are being stored in 

      
      

      ~/.mongodb/mongosh/mongosh_repl_history

       

      Please be sure to attach relevant logs with any sensitive data redacted.
      How to retrieve logs for: Compass; Shell

      See attached logs

      Steps to Reproduce

      Run the following:

      mongosh
      use admin;
      db.auth("myusername", "mypassword");
      exit
      cat ~/.mongodb/mongosh/mongosh_repl_history

      Expected Results

      I expect to NOT see my password I just tried to auth with stored in ~/.mongodb/mongosh/mongosh_repl_history

      Actual Results

      I see my password I just tried to auth with stored in ~/.mongodb/mongosh/mongosh_repl_history

      Additional Notes

      When I run the following I see that redactHistory is set to remove:

      mongosh
      config.get('redactHistory')
      remove // output

       

            Assignee:
            Unassigned Unassigned
            Reporter:
            michauxkelley@gmail.com Michaux Kelley
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: