While authentication is available for MongoDB, in many instances this authentication is not enabled.
- Our initial probe tests to see if MongoDB is accessible on the Internet and collecting the system information that it discloses.
- A secondary probe is then performed to determine if a list of databases can be obtained. If an error message is generated in response to this probe, the “visible_databases” field will say “none visible”, but if no error message is generated (indicating that no authentication is in use), the “visible_databases” field will list the first five databases that were returned.
For information on how to configure your MongoDB instance securely, please consult the MongoDB Security Checklist.
For more details behind the scan methodology and a daily update of global MongoDB scan statistics please visit our dedicated MongoDB scan page.
For more information on our scanning efforts, check out our Internet scanning summary page.