MongoDB 3.0.x < 3.0.7 / 3.1.x < 3.1.9 Authentication Bypass
High Nessus Network Monitor Plugin ID 9972
SynopsisThe remote host is running a MongoDB database is vulnerable to a remote authentication bypass attack vector.
DescriptionVersions of MongoDB 3.0.x prior to 3.0.7, and 3.1.x prior to 3.1.9 are affected by an unspecified flaw in LDAP authentication that may allow a remote attacker to bypass authentication mechanisms. No further details have been provided by the developer.
SolutionUpgrade to MongoDB version 3.1.9 or later. If version 3.1.x cannot be obtained, version 3.0.7 is also patched for this vulnerability.