False positive report when running Nessus Vulnerability Scanner on VideoXpert
Pelco Video Management
- Nessus Vulnerability Scanner
Nessus checks the Mongo database by sending a probe command that only runs on mongoD. However, Nessus is connecting to mongoS instead. MongoS cannot process the command so it fails in a different way than Nessus expects, and Nessus assumes that there is an authenication problem when there is not.
VideoXpert has had Mongo authentication turned on since version 1.5. Please ensure that your system is running version 1.5 or greater.