SV-96607r1_rule
V-81893
SRG-APP-000266-DB-000162
MD3X-00-000520
CAT II
10
Configure custom database code and associated application code not to divulge sensitive information or information useful for system identification in error messages.
Check custom database code to verify that error messages do not contain information beyond what is needed for troubleshooting the issue.
If custom database errors contain PII data, sensitive business data, or information useful for identifying the host system or database structure, this is a finding.
When attempting to log in with incorrect credentials, the user will receive an error message that the operation was unauthorized.
If a user is attempting to perform an operation for which they do not have privileges, the database will return an error message that the operation is not authorized.
False
M
3265