A brief reminder that MongoDB is insecure out of the box
While running a Mongo instance today, I overlooked something pretty stupid and nearly let an attacker into my computer. I had just done a brand new install of MongoDB and was running mongod, the server daemon, to do some testing. I left my computer for a bit and returned to the following warning from Little Snitch:
This is exactly what it looks like: mongod had opened itself up publicly on port 27017, straight out of the box. No password was set and there were no restrictions on remote connections, so anyone who could reach the port could connect and use the database. A quick Google search showed dozens of Mongo instances compromised by this one IP address alone. An unauthenticated listener like that means full read-write access to every database at best, and possibly remote code execution at worst. One caveat on "out of the box": whether a fresh install listens on every interface depends on the version and the config file you are handed. MongoDB 3.6 and later bind to localhost by default, while older binaries bound to 0.0.0.0 unless the config said otherwise; either way, authorization is off until you turn it on, so a default install never asks for credentials. Obviously this isn't exclusive to Mongo: people leave default logins on their public servers all the time. But it's a good reminder not to assume software is safe straight out of the box.
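To make the two settings that matter concrete, here is an added example, not code from the original post or from MongoDB itself: a small POSIX sh script that writes a constructed weak mongod.conf next to a hardened one and audits each for net.bindIp and security.authorization. The sample configs, the temp directory and the audit_mongod_conf and yaml_scalar functions are this example's own and are not MongoDB tooling.

```shell
#!/bin/sh
# Added example (not from the original post or from MongoDB). Shows the
# listen-everywhere, no-auth configuration beside the hardened one and checks a
# mongod.conf for both problems. Needs only sh, sed, grep and mktemp; no mongod.

MONGO_AUDIT_DIR=$(mktemp -d)

# Constructed sample 1: the weak form. Bound to every interface and
# authorization never enabled, so anyone who can reach 27017 has full access.
cat > "$MONGO_AUDIT_DIR/mongod-weak.conf" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
EOF

# Constructed sample 2: the hardened form. Loopback only, and every client must
# authenticate. Create an admin user with db.createUser before enabling this,
# or the server locks you out as well.
cat > "$MONGO_AUDIT_DIR/mongod-hardened.conf" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
EOF

# yaml_scalar FILE KEY: value of the first "KEY: value" line in a flat
# mongod.conf. Enough for these settings; it is not a general YAML parser.
yaml_scalar() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# audit_mongod_conf FILE: prints "OK" or "INSECURE: reason; reason" and
# returns 1 when insecure, so a deploy script can gate on it.
audit_mongod_conf() {
    conf=$1
    reasons=""
    bind=$(yaml_scalar "$conf" bindIp)
    bind_all=$(yaml_scalar "$conf" bindIpAll)
    auth=$(yaml_scalar "$conf" authorization)

    if [ "$bind_all" = "true" ]; then
        reasons="bindIpAll: true listens on every interface"
    elif [ -z "$bind" ]; then
        # 3.6+ defaults to localhost, older binaries to 0.0.0.0: make it explicit.
        reasons="bindIp unset (depends on mongod version; set it explicitly)"
    else
        # bindIp may be a comma-separated list; flag any wildcard address in it.
        old_ifs=$IFS
        IFS=', '
        for addr in $bind; do
            case "$addr" in
                0.0.0.0|::|'*') reasons="bindIp=$bind listens on every interface" ;;
            esac
        done
        IFS=$old_ifs
    fi

    if [ "$auth" != "enabled" ]; then
        reasons="${reasons:+$reasons; }security.authorization not enabled (no credentials needed for read/write)"
    fi

    if [ -z "$reasons" ]; then
        echo "OK"
        return 0
    fi
    echo "INSECURE: $reasons"
    return 1
}

# Audit both constructed files; "|| :" keeps the loop going after a bad verdict.
for f in mongod-weak.conf mongod-hardened.conf; do
    printf '%s: ' "$f"
    audit_mongod_conf "$MONGO_AUDIT_DIR/$f" || :
done
```

The config check complements, rather than replaces, looking at the live process: on macOS, lsof -nP -iTCP:27017 -sTCP:LISTEN shows which address mongod is actually bound to, and on Linux ss -ltnp does the same. A host firewall or Little Snitch rule is a second layer, but the fix that survives a reinstall is the config file itself.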
Stay safe!