V-279332
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
Title
MongoDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.
Description
<VulnDiscussion>Enterprise environments make account management for applications and databases challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. Managing accounts for the same person in multiple places is inefficient and prone to problems with consistency and synchronization. A comprehensive application account management process that includes automation helps to ensure that accounts designated as requiring attentio...
Fix Text (Documentation Requirement)
Edit the MongoDB configuration file (default location /etc/mongod.conf) to include the following: security: authorization: "enabled" This will enable SCRAM-SHA-256 authentication (default). Instruction on configuring the default authentication is provided here: https://www.mongodb.com/docs/v8.0/tutorial/enable-authentication/ The high-level steps described by the above will require the following: 1. Start MongoDB without access control. 2. Connect to the instance. 3. Create the user administrator. 4. Restart the MongoDB instance with access control. 5. Connect and authenticate as the user administrator. 6. Create additional users as needed for the deployment. For OIDC, edit the MongoDB configuration file (default location /etc/mongod.conf) to include the following: setParameter:...