MongoDB Password List Vulnerability

MongoDB is an open source database project, which is available for a number of operating systems, including Microsoft Windows and Linux.

We have obtained a list of MongoDB users along with their passwords and/or password hashes. This includes local as well as remote users. The list was obtained because the MongoDB database has at least one default user with no or a weak password.

Exploitation of this vulnerability allows a remote attacker to connect to the database. Consequently, the attacker can access sensitive information, and can launch denial of service attacks through the destruction of data.

Administrators should disable the default account or supply a strong password.