root not recognized as an admin role

stampery / mongoaudit

🔥 A powerful MongoDB auditing and pentesting tool 🔥

https://mongoaud.it

MIT License

1.32k stars 136 forks source link

root not recognized as an admin role #27

Closed pboffino closed 7 years ago

pboffino commented 7 years ago

I provided mongoaudit a user that had the "root" role and, since it wasn't dbAdmin or dbOwner, it told me it was ok, but the root role contains those 2

aesedepece commented 7 years ago

Hi @pboffino, thanks a lot for reporting. We just need to add root to the dangerous roles list as somehow we missed it.