MongoDB Service Without Authentication Detection when running Nessus Vulnerability Scanner on VideoXpert.


False positive report when running Nessus Vulnerability Scanner on VideoXpert

Product Line

Pelco Video Management


  • VideoXpert
  • Nessus Vulnerability Scanner


Nessus checks the Mongo database by sending a probe command that only runs on mongoD. However, Nessus is connecting to mongoS instead. MongoS cannot process the command so it fails in a different way than Nessus expects, and Nessus assumes that there is an authenication problem when there is not.


VideoXpert has had Mongo authentication turned on since version 1.5. Please ensure that your system is running version 1.5 or greater.