Qualys Warns: Thousands of Unsecured MongoDB Databases Exposed
Qualys Vulnerability Management has issued QID 19965 to identify exposed MongoDB instances on the internet. This comes as a warning to German organizations, as thousands of such databases are accessible without authentication, posing a significant risk to data integrity and security.
The detection process involves sending queries to the default port of target systems. If a 'whatsmyuri' request succeeds, MongoDB is running on that port. A second query then lists the databases to confirm whether the instance allows remote, unauthenticated access. Around 40,000 vulnerable MongoDB databases have been discovered on the internet, with three students from the University of Saarland first uncovering this issue on thousands of commercial web servers.
Exposed MongoDB instances can be easily targeted by attackers. Without proper access restrictions, they can perform unauthorized actions or even take control of the database, potentially leading to data manipulation or theft. Many MongoDB databases are configured to accept any connection from the internet, exacerbating this security concern.
Qualys' new QID aims to help organizations identify and secure their exposed MongoDB instances. With the potential risk affecting any institution or company using such improperly secured databases, it is crucial for German organizations to take immediate action to protect their data.