2.2 Ensure that MongoDB does not bypass authentication via the localhost exception

Information

MongoDB should not be set to bypass authentication via the localhost exception. The localhost exception allows you to enable authorization before creating the first user in the system.
Note: This recommendation only applies when there are no users created in the MongoDB instance.
Rationale:
Disabling this exception will prevent unauthorized local access to the MongoDB database. It will also ensure traceability of each database activity to a specific user.

Solution

Since enableLocalhostAuthBypass is not available using the setParameter database command, use the setParameter option in the configuration file to set it to false.
setParameter:
enableLocalhostAuthBypass: false
Default Value:
Not configured

See Also

https://workbench.cisecurity.org/files/1705

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|16

Plugin: Windows

Control ID: 67987555fec017c043f5969bfae3f94ebe20c56821be2a27b5dc400b12051ee8