Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-13644

Sensitive credentials in startup options are not redacted and may be exposed

    • ALL

      Issue Status as of April 22, 2014

      ISSUE SUMMARY
      Version 2.6.0 does not correctly redact the following startup options passed into mongod: the PEMKeyPassword, clusterPassword and Windows servicePassword. If these credentials are provided in the config file, they may be disclosed in the log file and via the getCmdLineOpts command. If the credentials are provided as command line options to mongod, the clusterPassword may additionally be disclosed via the system's process table.

      USER IMPACT
      Potential security risk as users with local access may be able to get access to credentials inappropriately.

      WORKAROUNDS
      As a work-around, we recommend to follow these security guidelines:

      • make the log file readable only by the database user
      • use a config file to pass the options to avoid the process listing
      • limit access to the admin database appropriately
      • (only if the HTTP interface is enabled, which is off by default) restrict access to HTTP interface appropriately

      RESOLUTION
      The patch correctly redacts the credentials.

      AFFECTED VERSIONS
      Version 2.6.0 was affected by this bug.

      PATCHES
      The patch is included in the 2.6.1 production release.

            Assignee:
            sverch Shaun Verch
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: