CUI

Documentation - V-282943

V-282943

MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide

CAT II

Title

MongoDB must be configured to restrict the use of administrator access to authorized IP addresses.

Description

MongoDB will use Authentication Restrictions to enforce network-based separation of admin users from application users on the same port. With Authentication Restrictions, the database can be configured to specify a list of IP addresses and CIDR ranges from which a user is allowed to connect to the server, or from which the server can accept users. Authentication Restrictions addresses the following:

- Network-based Separation: Admin users are restricted to connecting only fro...

Fix Text (Documentation Requirement)

For all administrative users that do not have network restrictions configured, use the following command:

    use admin
    db.updateUser( "<username>", { authenticationRestrictions: [ { clientSource: ["<ip_or_cidr>"], serverAddress: ["<ip_or_cidr>"] } ] } )

Run the following command to restrict the user to localhost only:

    use admin
    db.updateUser( "<username>", { authenticationRestrictions: [ { clientSource: ["127.0.0.1"], serverAddress: ["127.0.0.1"] } ] } )

More information can be found here: https://www.mongodb.com/docs/manual/reference/command/createUser/#authentication-restrictions
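Added example (not part of the STIG or of MongoDB's own tooling): a small Node.js audit script that takes a usersInfo-style document, flags administrative users that have no well-formed clientSource restriction, and builds the argument document for db.updateUser() exactly as the fix text describes, after validating the addresses. The user list is constructed inline to resemble what `db.getUsers({ showAuthenticationRestrictions: true })` returns in mongosh; the set of roles treated as "administrative" is an assumption for the example and should be adjusted to the roles in use at the site.

```javascript
// Added example, not from the STIG: audit a usersInfo-style result for admin users
// lacking authenticationRestrictions, and build the db.updateUser() document.
// Nothing here connects to a server; the sample data below is constructed.

// Assumption for this example: which roles count as "administrative".
const ADMIN_ROLES = new Set([
  "root", "userAdminAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin", "userAdmin",
]);

// Constructed sample shaped like db.getUsers({ showAuthenticationRestrictions: true }):
// one unrestricted admin, one restricted admin, one application user.
const sampleUsersInfo = {
  users: [
    { user: "dba", db: "admin", roles: [{ role: "root", db: "admin" }] },
    { user: "ops", db: "admin", roles: [{ role: "clusterAdmin", db: "admin" }],
      authenticationRestrictions: [
        { clientSource: ["10.0.5.0/24"], serverAddress: ["10.0.5.10"] },
      ] },
    { user: "app", db: "orders", roles: [{ role: "readWrite", db: "orders" }] },
  ],
  ok: 1,
};

// Accept a dotted-quad IPv4 address with an optional /0-32 prefix.
// IPv6 is deliberately left out of this example.
function isIPv4OrCidr(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\/(\d{1,2}))?$/.exec(String(s));
  if (!m) return false;
  const octetsOk = m.slice(1, 5).every((o) => Number(o) <= 255);
  const prefixOk = m[5] === undefined || Number(m[5]) <= 32;
  return octetsOk && prefixOk;
}

function isAdministrative(userDoc) {
  return (userDoc.roles || []).some((r) => ADMIN_ROLES.has(r.role));
}

// True only when every restriction entry carries a non-empty list of
// well-formed clientSource values; an empty array is treated as unrestricted.
function hasClientSourceRestriction(userDoc) {
  const ar = userDoc.authenticationRestrictions;
  if (!Array.isArray(ar) || ar.length === 0) return false;
  return ar.every((entry) =>
    Array.isArray(entry.clientSource) &&
    entry.clientSource.length > 0 &&
    entry.clientSource.every(isIPv4OrCidr));
}

// Findings as "db.user" strings, one per admin user without a restriction.
function findUnrestrictedAdmins(usersInfo) {
  return usersInfo.users
    .filter((u) => isAdministrative(u) && !hasClientSourceRestriction(u))
    .map((u) => `${u.db}.${u.user}`);
}

// Builds the second argument of db.updateUser("<username>", ...) from the fix text,
// rejecting anything that is not an IPv4 address or CIDR range.
function buildRestrictionUpdate(clientSources, serverAddresses) {
  for (const s of [...clientSources, ...serverAddresses]) {
    if (!isIPv4OrCidr(s)) throw new Error(`not an IPv4 address or CIDR range: ${s}`);
  }
  return {
    authenticationRestrictions: [
      { clientSource: [...clientSources], serverAddress: [...serverAddresses] },
    ],
  };
}

console.log("unrestricted admins:", findUnrestrictedAdmins(sampleUsersInfo));
console.log(JSON.stringify(buildRestrictionUpdate(["127.0.0.1"], ["127.0.0.1"])));
```

In practice the `sampleUsersInfo` object would be replaced by the real output of the usersInfo command for the admin database, and each finding would be remediated with the db.updateUser() call shown in the fix text, using the document that `buildRestrictionUpdate` returns.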

Documentation Status
