[4eyes] [COE #68282] [UCSB-OIT #700246] Vulnerabilities Found On 128.111.28.110

Jay Byungkyu Kang bkang at umail.ucsb.edu
Fri Nov 13 17:28:11 PST 2015


Hi Matthew,

A MongoDB server has been running on my desktop. I just stopped it and enabled authentication mode.
I will pay more attention to any possible causes of vulnerability.

-Jay

> On Nov 13, 2015, at 5:16 PM, Matthew Turk <mturk at cs.ucsb.edu> wrote:
> 
> We have an unsecured MongoDB server running on machine 128.111.28.110. Whose is this?? Please check ASAP.
> 
> Thanks,
> 	Matthew
> 
> -----Original Message-----
> From: Tier II Support Issues via CoE Support [mailto:help at engineering.ucsb.edu] 
> Sent: Friday, November 13, 2015 12:05 PM
> To: holl at cs.ucsb.edu; mturk at cs.ucsb.edu
> Subject: [COE #68282] [UCSB-OIT #700246] Vulnerabilities Found On 128.111.28.110
> 
> The following reply has been made regarding CoE Support ticket #68282:
> 
> Hello,
> 
> OIT is reporting that your server has an unsecured MongoDB server running.
> 
> On Fri Nov 13 10:50:17 2015, security at ucsb.edu wrote:
>> Greetings:
>> 
>> Our vulnerability scanner has found a potentially vulnerable host on
>> your network. You should consider taking the recommended actions
>> mentioned in this report in order to reduce the chances of this
>> host being abused by an attacker. If you believe any part of this
>> report to be incorrect, please let us know so that we can work to
>> improve our reporting accuracy.
>> 
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> Here is information about potential vulnerabilities that were found:
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> 
>> IP: 128.111.28.110
>> FQDN: ilab-110.cs.ucsb.edu
>> Scanned From: off-campus address
>> Scan Start: Fri Nov 13 13:01:43 2015
>> Scan End: Fri Nov 13 13:01:53 2015
>> 
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> 
>> Plugin Name: MongoDB Service Without Authentication Detection (81777)
>> 
>> Synopsis:
>> 
>> The remote host is running a database system that does not have
>> authentication enabled.
>> 
>> Description:
>> 
>> MongoDB, a document-oriented database system, is listening on the
>> remote port, and it is configured to allow connections without any
>> authentication. A remote attacker can therefore connect to the
>> database system in order to create, read, update, and delete
>> documents, collections, and databases.
>> 
>> See Also:
>> 
>> http://www.mongodb.org/
>> 
>> Solution:
>> 
>> Enable authentication or restrict access to the MongoDB service.
>> 
>> Risk Factor: Medium
>> CVSS Base Score: 6.4
>> 
>> 
>> Plugin Information:
>> 
>> 
>> Plugin Output:
>> 
>> Port: 27017 / tcp / mongodb
>> None
>> 
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> 
> 
> 
> --
> 
> Scott Kasai
> User Support Specialist
> Engineering Computing Infrastructure
> University of California, Santa Barbara
> 
> 
> 
> _______________________________________________
> Ilab-users mailing list
> Ilab-users at lists.cs.ucsb.edu
> https://lists.cs.ucsb.edu/mailman/listinfo/ilab-users



