Passwords Stored Using Cryptographically Weak MD5 Hash (CWE-916)

[donutloop]

User passwords are stored in the MongoDB database using a cryptographically weak hashing algorithm (e.g. MD5). The user’s credentials are constructed into the string format username:mongo:password. An MD5 hash of this string is stored in the database and used to authenticate the user.

Recent versions of MongoDB support the more secure SCRAM-SHA1 which should be used instead of the previous MONGODB-CR which uses the unsalted MD5 hash.

CWE-916 Reference: "https://cwe.mitre.org/data/definitions/916.html"

Password Property

mgo/session.go

Line 968 in f76e4f9

// PasswordHash is the MD5 hash of Username+":mongo:"+Password.

AddUser

Reference: "https://github.com/globalsign/mgo/blob/master/session.go#L1053:21"

UpsertUser

Reference: "https://github.com/globalsign/mgo/blob/master/session.go#L1053:19"

[domodwyer]

Hi @donutloop

You raise a very valid, important point - this is trivially breakable hash.

We highly recommend using certificate based authentication in production, it's really worth the time to set up from a security perspective.

As for password-based login mgo should definitely support the most secure hashes mongodb can use - we'll happily accept a PR for this, and will deprecate the MD5-based credentials as soon as we have an alternative.

Thanks @donutloop!

Dom

[philippgille]

Info:

Starting in version 4.0, MongoDB removes support for the deprecated MongoDB Challenge-Response (MONGODB-CR) authentication mechanism.

https://docs.mongodb.com/manual/core/security-scram/

[domodwyer]

Hi @philippgille

MGO already supports SCRAM authentication (though only SHA1, SHA-256 is in progress) - we'll happily accept a PR removing the MD5-based challenge-response auth mechanism though!

Dom

[Neustradamus]

@ all: I wish you a Happy New Year 2022!

Any news about it?