Skip to content

MongoDB Credentials

Service Name: MongoDB

Service Description: MongoDB is a popular NoSQL database that stores data in flexible, JSON-like documents. It provides high availability, horizontal scaling, and geographic distribution.

Service Address: https://www.mongodb.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the database level through MongoDB's network security controls, including IP whitelisting in MongoDB Atlas or through firewall configurations in self-hosted deployments.

Secret Access Scope: Grants access to MongoDB databases, collections, and documents based on the user's permissions. Can allow read, write, admin operations depending on the role assigned.

Secret Revokement URL: For MongoDB Atlas: https://cloud.mongodb.com/v2#/security/database/users

Secret Example: mongodb+srv://username:p@ssw0rd123@cluster0.mongodb.net/myDatabase

Suspicious Activity Investigation Instructions:

  • Review MongoDB logs for unusual access patterns or query activities
  • Check for unexpected database operations, particularly mass deletions or modifications
  • Monitor for unauthorized collection creation or schema changes
  • Examine connection logs for access from unusual IP addresses or locations
  • Review authentication logs for failed login attempts

Mitigation Instructions:

  • Immediately change the password for the compromised MongoDB user
  • For MongoDB Atlas: Log into the Atlas dashboard, navigate to Security →

Database Access, and update credentials

  • For self-hosted MongoDB: Use the db.changeUserPassword() method to

update credentials

  • Review and restrict user permissions to follow the principle of least privilege
  • Enable IP whitelisting to restrict access to known IP addresses
  • Implement database auditing to track future access and operations
  • Consider implementing MongoDB Enterprise security features like LDAP

authentication and Kerberos if available