Expected Findings
- Mongo 7 is bound to `0.0.0.0:27017` with `--noauth`.
- `listDatabases` reveals tenant-segmented databases.
- `find` against `users` returns hashed passwords and recovery emails.
Document Store
Open MongoDB
MongoDB is exposed on the public internet with auth disabled, so `listDatabases`, `find`, and `serverStatus` are anonymous.
Mongo probe
Primary Flows
- serverStatus Banner + auth state
- listDatabases All tenant DBs
- users.find() Sample documents
Signals
Launch
mongod --bind_ip 0.0.0.0 --noauth --port 27017