While authentication is available for MongoDB, in many instances this authentication is not enabled.
- Our initial probe tests to see if MongoDB is accessible on the Internet and collecting the system information that it discloses.
- A secondary probe is then performed to determine if a list of databases can be obtained. If an error message is generated in response to this probe, the “visible_databases” field will say “none visible”, but if no error message is generated (indicating that no authentication is in use), the “visible_databases” field will list the first five databases that were returned.
For information on how to configure your MongoDB instance securely, please consult the MongoDB Security Checklist.