不受保护的MongoDB服务器？(Unprotected MongoDB server?)

 如果这是一个愚蠢或愚蠢的问题，我事先道歉。 我们只是说我偶然发现了一个属于大公司的未受保护的MongoDB服务器。 我尝试使用客户端连接到服务器，而不输入用户名和密码，并且连接成功。 现在，我不确定我是否可以访问数据库中的数据，但我可以看到它上面有一些数据库，我相信我可以在其上创建和删除数据库（没有试过）。 这构成了多大的安全漏洞？ 请注意，我没有篡改或弄乱任何东西，我只是问，所以我可以看出这是否确实是我应该报告的安全漏洞，或者是误报。 这种访问不应仅限于数据库管理员吗？ 

I apologize beforehand if this is a stupid or a silly question in any way. Let's just say that I stumbled upon an unprotected MongoDB server belonging to a big company. I tried using a client to connect to the server, without entering a username and password and it connected successfully. Now, I'm not sure if I have access to the data inside the databases, but I can see that there are a few databases on it, and I believe that it's possible for me to create and drop databases on it (haven't tried). How big of a security flaw does this constitute? Please note that I haven't tampered or messed around with anything, I'm just asking so I can discern if this is indeed a security flaw that I should report, or a false positive. Shouldn't such access be limited to database administrators?

原文：https://stackoverflow.com/questions/37279464