Tenable Research Release Highlights

Forum Discussion

ibelyna, 4 years ago

MongoDB Authentication Scanning Modernization - Standardized Database Policy Credential support

Summary

Tenable is updating Nessus plugin libraries to give customers improved scanning of MongoDB databases on their systems. For years, Tenable products have supported scanning of MongoDB databases, and we have been working on supporting newer authentication mechanisms. Tenable products support the older MONGODB-CR method, the SCRAM-SHA-1 method, LDAP authorization for customers using saslauthd on Enterprise MongoDB installations, and x509 Client Certificate authentication. Currently, only a single MongoDB credential set and a single optional x509 client certificate credential set may be provided in a single scan policy. We are changing the existing Credentials->Database->Database credential type to include an option for MongoDB, with authentication options for Password, Client Certificate, and several kinds of Password Management systems.

By adding MongoDB to this existing credential option, we allow customers to specify an arbitrary number of MongoDB credentials instead of one, and we centralize the client certificates in the same location as the rest of the login credentials for MongoDB.

Impact

Customers currently executing MongoDB scans may now specify more than one MongoDB credential, instead of just one. Customers may continue to use the existing credential options for MongoDB instead of, or in addition to, the new ones.

Changes

No changes are needed for existing scan policies if customers are using only a single MongoDB credential to authenticate and it is already working. Customers may choose to switch to the new UI option for MongoDB, if it is currently available on their product.

Target Release Date

05 JAN 2022 for Nessus

04 JAN 2022 for T.io

Q1-Q2 2022 for T.sc
