Wednesday 11 February 2015

Nearly 40,000 MongoDB Databases Open on the Internet


Researchers have found thousands of MongoDB databases that are directly accessible via the Internet, putting sensitive information at risk. MongoDB is an open source NoSQL database used by several major websites and services, as well as numerous smaller sites.

According to researchers at the German Center for IT-Security, Privacy and Accountability (CISPA), a less experienced administrator setting up a MongoDB server may forget to configure important security measures. "This leads to a completely open and vulnerable database that anyone can access and, even worse, can manipulate."

By default, MongoDB listens on TCP port 27017. An attacker would only need to perform a port scan to find databases; this takes only a few hours, or can be done through a search engine such as Shodan. During the first port scan, the researchers discovered 39,890 open MongoDB databases. The researchers note that the figure may be inaccurate.

Many larger providers block such port scans, so there may be many more open MongoDB databases online. On the other hand, some databases may have been left open and vulnerable intentionally, for example as honeypots. In their report (PDF), the researchers make several recommendations for securing databases. In an update, they emphasize that the problem lies not with MongoDB itself but with the administrators who configure the software insecurely.
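To make the misconfiguration concrete, here is an added example (not from the article and not from CISPA's report) of a minimal `mongod.conf` in the YAML format MongoDB has used since version 2.6. The first document shows the "forgotten" configuration the researchers describe: the server listens on every interface and has no `security` section, so anyone who can reach port 27017 has full read and write access. The second document, separated by `---`, shows the hardened form. The `dbPath` value is an assumption; the `net.bindIp` and `security.authorization` keys are real MongoDB options.

```yaml
# Added example, not the article's or MongoDB's own configuration.
# First document: the weak setup the article describes.
storage:
  dbPath: /var/lib/mongodb        # assumed path, adjust for your install
net:
  port: 27017
  bindIp: 0.0.0.0                 # listens on all interfaces: reachable from the Internet
# No "security:" section, so no credentials are required at all.

---
# Second document: the hardened setup.
storage:
  dbPath: /var/lib/mongodb        # assumed path, adjust for your install
net:
  port: 27017
  bindIp: 127.0.0.1               # loopback only; reach it remotely via SSH tunnel, VPN or firewall rule
security:
  authorization: enabled          # every client must authenticate as a created user
```

With `authorization: enabled` and no users yet defined, MongoDB's localhost exception lets you connect from the same machine once to create the first administrative user with `db.createUser()`; after that, every connection needs credentials. To verify the change took effect, check that the listener is bound to loopback only (for example with `ss -ltnp` or `netstat -ltnp` on Linux) and confirm from another host that a connection to port 27017 is refused.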
