
Mongo Express - Unauthenticated Access

By kannthu

High
Vidoc Module
#mongo#unauth#edb
Description

What is "Mongo Express - Unauthenticated Access"?

The "Mongo Express - Unauthenticated Access" module detects a misconfiguration in Mongo Express, a web-based administrative interface for managing MongoDB databases. The module targets Mongo Express instances that can be reached without any authentication. The severity is classified as high because an exposed instance gives direct access to the databases behind it.

This module was authored by dhiyaneshDK and b0rn2r00t.

Impact

If the "Mongo Express - Unauthenticated Access" module reports a match, anyone who can reach the instance can use the administrative interface without credentials. Because the interface exposes the full database, that means unauthorized users can view, modify, or delete the contents of every MongoDB database managed by that Mongo Express instance. Address the misconfiguration promptly: require authentication on the interface and do not expose it directly to untrusted networks.

How does the module work?

The "Mongo Express - Unauthenticated Access" module works by sending HTTP requests to specific paths within the target Mongo Express instance. It then applies matching conditions to determine if the instance is accessible without authentication.

The module sends a GET request to two paths, "/mongo-express/" and "/db/admin/system.users", and applies two matching conditions to each response:

- Title Matcher: the response body must contain one of the HTML titles "<title>Home - Mongo Express</title>" or "<title>system.users - Mongo Express</title>". Either title is enough to satisfy this condition; it shows that Mongo Express rendered the page rather than a login prompt or an error.
- Status Matcher: the HTTP response status must be 200. A Mongo Express instance protected by HTTP basic authentication answers with 401 instead, so this condition separates an open instance from a protected one.

Both conditions must be met on the same response (they are combined with AND). If they are, the module reports a vulnerability, indicating that the Mongo Express instance can be accessed without authentication.
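The check described above, reimplemented as an added example (this is not the module's own code or the Vidoc engine): request each path, apply the title and status matchers, and report the paths that match. The network helper, the target URL and the sample responses are assumptions; the sample responses are constructed inline so the logic can be exercised offline, including the basic-auth case (401) and a reverse proxy that answers 200 with its own login page, neither of which should match.

```python
"""Reproduce the module logic: GET two paths, match title text AND status 200."""
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Paths and title strings taken from the module description.
PATHS = ["/mongo-express/", "/db/admin/system.users"]
TITLES = [
    "<title>Home - Mongo Express</title>",
    "<title>system.users - Mongo Express</title>",
]


def matches(status, body):
    """Module logic: status must be 200 AND either title string must appear."""
    return status == 200 and any(title in body for title in TITLES)


def fetch(base_url, path, timeout=10):
    """Hypothetical helper returning (status, body) via urllib.

    A basic-auth challenge (401) is returned as a status instead of raised,
    so the matcher can reject it explicitly. Connection failures yield
    (None, "") which can never match.
    """
    req = urllib.request.Request(
        urljoin(base_url, path), headers={"User-Agent": "mongo-express-check"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, err.read().decode("utf-8", "replace")
    except OSError:  # URLError and socket timeouts are both OSError subclasses
        return None, ""


def scan(base_url, fetcher=fetch):
    """Return the paths on which the target looks like an open Mongo Express."""
    return [path for path in PATHS if matches(*fetcher(base_url, path))]


# Constructed sample responses standing in for real targets, keyed by path.
SAMPLE_EXPOSED = {  # open instance: both pages render with the expected titles
    "/mongo-express/": (200, "<html><head><title>Home - Mongo Express</title></head>"),
    "/db/admin/system.users": (200, "<html><head><title>system.users - Mongo Express</title></head>"),
}
SAMPLE_PROTECTED = {  # HTTP basic auth in front of the interface
    "/mongo-express/": (401, "Unauthorized"),
    "/db/admin/system.users": (401, "Unauthorized"),
}
SAMPLE_PROXY_LOGIN = {  # reverse proxy answering 200 with its own sign-in page
    "/mongo-express/": (200, "<html><head><title>Sign in</title></head>"),
    "/db/admin/system.users": (404, "Not Found"),
}


def fake_fetcher(samples):
    """Build a fetcher that serves the constructed samples instead of the network."""
    return lambda base_url, path: samples.get(path, (404, ""))


if __name__ == "__main__":
    for name, samples in [("exposed", SAMPLE_EXPOSED),
                          ("protected", SAMPLE_PROTECTED),
                          ("proxy login", SAMPLE_PROXY_LOGIN)]:
        print(name, scan("http://target.example", fake_fetcher(samples)))
    # Against a live host (assumed address): scan("http://192.0.2.10:8081")
```

The only difference from a real scan is the fetcher: pass the default `fetch` and a base URL you are authorized to test, and `scan` returns the matching paths. Note that a proxy or WAF that rewrites responses (custom title, always-200) can produce false negatives or, less likely, false positives, so confirm a hit by loading the page in a browser before reporting it.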

This module is one of many in the Vidoc platform, which combines modules to scan for misconfigurations, known vulnerabilities, and software detection.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/mongo-express//db/admin/system.use...
Matching conditions
word: <title>Home - Mongo Express</title>, <ti...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability