About two weeks back, over 40,000 organizations running MongoDB were found unprotected and vulnerable to hackers. Now, once again, users of the MongoDB database are at risk because of a critical zero-day vulnerability making the rounds on the underground market.
MongoDB, one of the leading NoSQL databases, is an open-source database used by companies of all sizes, across all industries, for a wide variety of applications. By leveraging in-memory computing, MongoDB provides high performance for both reads and writes.
'phpMoAdmin' ZERO-DAY VULNERABILITY
A hacker known by the online moniker "sp1nlock" has found a zero-day vulnerability in 'phpMoAdmin', a free, open-source, AJAX-based MongoDB GUI (graphical user interface) management tool written in PHP that allows you to easily create and manage the NoSQL database MongoDB.
According to multiple posts available on underground exploit-selling forums, phpMoAdmin is vulnerable to a zero-day remote code execution flaw that allows an unauthorized remote user to hijack websites running the phpMoAdmin tool.
0-DAY EXPLOIT AVAILABLE AND IT WORKS
At the time of writing, we have no idea whether the phpMoAdmin developers are aware of this zero-day vulnerability, but the exploit is already for sale on underground exploit forums and has already been verified by the marketplace administrators — It Works!
It might be possible that a number of buyers and hackers already have access to the phpMoAdmin zero-day exploit and, unfortunately, there is no patch yet available for the thousands of vulnerable websites.
HOW TO PROTECT MONGO DATABASE?
In order to protect yourself, users of the MongoDB database are recommended to avoid using phpMoAdmin until the developer team releases a patch for the zero-day remote code execution vulnerability.
As an alternative to phpMoAdmin, you can make use of other free MongoDB GUI tools, as follows:
- RockMongo – A powerful MongoDB GUI tool
- MongoVUE – A desktop-based MongoDB GUI tool
- Mongo-Express – A well-featured MongoDB GUI tool
- UMongo – A decent MongoDB GUI tool
- Genghis – A lightweight MongoDB GUI tool
However, if you don’t want to replace your phpMoAdmin file, then the simplest approach would be to restrict unauthorized access using htaccess password protection, i.e. creating '.htpasswd' authentication for the folder containing the "moadmin.php" file.
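As an added illustration of that workaround (example configuration written for this article, not something shipped by the phpMoAdmin project), the following Apache per-directory file protects the whole folder that holds moadmin.php with HTTP Basic authentication. The install path /var/www/html/phpmoadmin, the password-file location /etc/apache2/phpmoadmin.htpasswd and the account name "dbadmin" are assumptions; adjust them to your server.

```apache
# Added example: save as /var/www/html/phpmoadmin/.htaccess (assumed install
# directory, next to moadmin.php). It only takes effect if the server config
# has "AllowOverride AuthConfig" (or "All") for this directory; otherwise the
# file is silently ignored and moadmin.php stays reachable without a login.
AuthType Basic
AuthName "phpMoAdmin - restricted"
# Keep the password file outside the document root so it can never be served.
AuthUserFile /etc/apache2/phpmoadmin.htpasswd
Require valid-user

# Create the password file once on the server ("dbadmin" is an assumed user):
#   htpasswd -c -B /etc/apache2/phpmoadmin.htpasswd dbadmin
# -B stores the password with bcrypt; -c creates the file, so drop it when
# adding further users. Then check and reload:
#   apachectl configtest && systemctl reload apache2
```

Two checks worth doing afterwards: request moadmin.php from another host and confirm the server answers 401 without credentials, and serve the directory over HTTPS only, because Basic authentication sends the username and password in every request with nothing more than base64 encoding.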