[4eyes] FW: [COE #68282] [UCSB-OIT #700246] Vulnerabilities Found On 128.111.28.110

Matthew Turk mturk at cs.ucsb.edu
Fri Nov 13 17:16:08 PST 2015 

We have an unsecured MongoDB server running on machine 128.111.28.110. Whose is this?? Please check ASAP.

Thanks,
	Matthew

-----Original Message-----
From: Tier II Support Issues via CoE Support [mailto:help at engineering.ucsb.edu] 
Sent: Friday, November 13, 2015 12:05 PM
To: holl at cs.ucsb.edu; mturk at cs.ucsb.edu
Subject: [COE #68282] [UCSB-OIT #700246] Vulnerabilities Found On 128.111.28.110

The following reply has been made regarding CoE Support ticket #68282:

Hello,

OIT is reporting your server having an unsecured MongoDB server running.

On Fri Nov 13 10:50:17 2015, security at ucsb.edu wrote:
> Greetings:
>
> Our vulnerability scanner has found a potentially vulnerable host on
> your network. You should consider taking the recommended actions
> mentioned in this report in order to reduce the chances of this
> host being abused by an attacker. If you believe any part of this
> report to be incorrect, please let us know so that we can work to
> improve our reporting accuracy.
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Here is information about potential vulnerabilities that were found:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> IP: 128.111.28.110
> FQDN: ilab-110.cs.ucsb.edu
> Scanned From: off-campus address
> Scan Start: Fri Nov 13 13:01:43 2015
> Scan End: Fri Nov 13 13:01:53 2015
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Plugin Name: MongoDB Service Without Authentication Detection (81777)
>
> Synopsis:
>
> The remote host is running a database system that does not have
> authentication enabled.
>
> Description:
>
> MongoDB, a document-oriented database system, is listening on the
> remote port, and it is configured to allow connections without any
> authentication. A remote attacker can therefore connect to the
> database system in order to create, read, update, and delete
> documents, collections, and databases.
>
> See Also:
>
> http://www.mongodb.org/
>
> Solution:
>
> Enable authentication or restrict access to the MongoDB service.
>
> Risk Factor: Medium
> CVSS Base Score: 6.4
>
>
> Plugin Information:
>
>
> Plugin Output:
>
> Port: 27017 / tcp / mongodb
> None
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>


--

Scott Kasai
User Support Specialist
Engineering Computing Infrastructure
University of California, Santa Barbara

More information about the Ilab-users mailing list