MongoDB Credentials
Service Name: MongoDB
Service Description: MongoDB is a popular NoSQL database that stores data in flexible, JSON-like documents. It provides high availability, horizontal scaling, and geographic distribution.
Service Address: https://www.mongodb.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the database level through MongoDB's network security controls, including IP whitelisting in MongoDB Atlas or through firewall configurations in self-hosted deployments.
Secret Access Scope: Grants access to MongoDB databases, collections, and documents based on the user's permissions. Can allow read, write, admin operations depending on the role assigned.
Secret Revokement URL: For MongoDB Atlas: https://cloud.mongodb.com/v2#/security/database/users
Secret Example: mongodb+srv://username:p@ssw0rd123@cluster0.mongodb.net/myDatabase
Suspicious Activity Investigation Instructions:
- Review MongoDB logs for unusual access patterns or query activities
- Check for unexpected database operations, particularly mass deletions or modifications
- Monitor for unauthorized collection creation or schema changes
- Examine connection logs for access from unusual IP addresses or locations
- Review authentication logs for failed login attempts
Mitigation Instructions:
- Immediately change the password for the compromised MongoDB user
- For MongoDB Atlas: Log into the Atlas dashboard, navigate to Security →
Database Access, and update credentials
- For self-hosted MongoDB: Use the db.changeUserPassword() method to
update credentials
- Review and restrict user permissions to follow the principle of least privilege
- Enable IP whitelisting to restrict access to known IP addresses
- Implement database auditing to track future access and operations
- Consider implementing MongoDB Enterprise security features like LDAP
authentication and Kerberos if available