Details
The default MongoDB installation comes with an unused database called ‘test’. It is recommended that the test database be dropped.
Rationale:
The test database can be accessed by all users and can be used to consume system resources. Dropping the test database will reduce the attack surface of the MongoDB server.
Solution
Execute the following command mongoshell to drop the test database:
use test
db.dropDatabase()
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system MongoDB.