Testing MongoDB vulnerability on Azure

0

I have read this news about MongoDB vulnerabilities: http://securityaffairs.co/wordpress/33487/hacking/40000-vulnerable-mongodbonline.html

I am using mongo from Azure in a product where privacy is very important. How can I test if I am vulnerable?

Arturo

Posted 2015-02-16T11:39:06.487

Reputation: 103

1 The researchers didn't provide the information required for you to either patch MongoDB or to verify you are vulnerable to the attack. – Ramhound – 2015-02-16T13:10:19.417

Answers

0

There is no vulnerability here per se (as noted by the researchers). Rather, the MongoDB instances referenced in this post were poorly configured - not using authentication, and were left open to the internet rather than being firewalled appropriately.

The security best practices that should be followed, and how you can both test for and alert on any such misconfiguration are explained here:

http://www.mongodb.com/blog/post/mongodb-security-best-practices

Just to note, this was published the day this news was announced in order to help people configure their systems correctly as soon as possible. I'd also note that this is no different to leaving any other service exposed in such a manner.

Adam C

Posted 2015-02-16T11:39:06.487

Reputation: 2 475
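The answer above names two misconfigurations: authentication not enabled, and the instance listening where the internet can reach it. As an added example (not part of the original answers, and not MongoDB's own tooling), the Python sketch below audits the text of a mongod configuration file for both, assuming you run mongod yourself (for example on an Azure VM) and can read its config. The function names and finding codes are hypothetical; the option names are MongoDB's YAML options (`net.bindIp`, `net.bindIpAll`, `security.authorization`, `security.keyFile`) and their legacy equivalents (`bind_ip`, `auth`, `keyFile`).

```python
import ipaddress

def parse_mongod_conf(text):
    """Flatten config text to {"dotted.key": "value"}: YAML mappings or legacy key = value."""
    settings, stack = {}, []              # stack: (indent, key) of open YAML sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        body = line.strip()
        if not body:
            continue
        head, eq, tail = body.partition("=")
        if eq and ":" not in head:        # legacy format line, e.g. "auth = true"
            settings[head.strip()] = tail.strip()
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave sections that ended
        key, _, value = (p.strip() for p in body.partition(":"))
        if value:
            settings[".".join([k for _, k in stack] + [key])] = value.strip("\"'")
        else:
            stack.append((indent, key))
    return settings

def is_loopback(addr):
    if not addr or addr.startswith("/") or addr == "localhost":  # empty, UNIX socket, localhost
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                      # other hostname: assume it is not loopback

def audit(text):   # returns finding codes for the two misconfigurations the answer names
    s = parse_mongod_conf(text)
    auth_on = (s.get("security.authorization", "").lower() == "enabled"
               or s.get("auth", "").lower() == "true"
               or bool({"security.keyFile", "keyFile"} & s.keys()))
    bind = s.get("net.bindIp", s.get("bind_ip"))
    exposed = [a.strip() for a in (bind or "").split(",") if not is_loopback(a.strip())]
    findings = [] if auth_on else ["NO_AUTH"]
    if exposed or s.get("net.bindIpAll", "").lower() == "true":
        findings.append("LISTENS_BEYOND_LOCALHOST")
    elif bind is None:
        findings.append("BIND_NOT_SET")   # mongod before 3.6 then listens on all interfaces
    return findings

# Constructed sample configs, not taken from the post
OPEN_YAML = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
LOCKED_LEGACY = "bind_ip = 127.0.0.1  # local only\nauth = true\n"
print(audit(OPEN_YAML), audit(LOCKED_LEGACY))
```

A `LISTENS_BEYOND_LOCALHOST` finding is not a problem by itself when a firewall or network security group restricts the port to known clients; the config file cannot show that, so check the network rules separately.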