logo

Port 27017 – MongoDB

Service:

mongod

Protocol:

TCP

Port:

27017

Used for:

NoSQL database access

Why It’s Open

MongoDB is fast and easy to deploy, which leads to frequent misconfigurations.

Common Risks

  • No Auth by Default (older versions)
  • Exposed Collections
  • Data Wipe Ransom Attacks

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Check if it’s open

Terminal window
nmap -p 27017 -sV

Mongo check

Terminal window
mongo :27017


mongo --host  --eval "db.stats()"


mongo --host  --eval "db.getCollectionNames()"


mongo --host  --eval "db.system.users.find().pretty()"

What to Look For

CheckpointWhat it means
No login requiredHuge data exposure risk
Open internet accessRansom risk

Known Exploits

  1. CVE-2019-2386 MongoDB 4.0 before 4.0.10 and 4.1 before 4.1.11 allows remote attackers to cause a denial of service via a crafted request.

🔗 NVD Entry

  1. CVE-2019-2389 MongoDB 4.0 before 4.0.10 and 4.1 before 4.1.11 allows remote attackers to cause a denial of service via a crafted request.

🔗 NVD Entry

Mitigation

  • Enable authentication.
  • Use firewalls/VPCs to restrict access.
  • Monitor and alert on unusual queries.

TL;DR

  • Service: MongoDB (NoSQL database)
  • Default Port: 27017
  • Risks: Unauthenticated access, data leakage, DoS
  • Mitigation: Enable authentication, bind to trusted interfaces, use firewalls