SYM_PY_0166 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of Obsolete Function
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-477: Use of Obsolete Function |
Confidence Level | Medium |
Impact Level | Low |
Likelihood Level | Low |
Description
The code uses the deprecated 'MONGODB-CR' authentication mechanism when connecting to MongoDB with pymongo. This mechanism was removed in MongoDB 4.0 and is unavailable in all later versions, making connections unreliable or impossible with newer servers.
Impact
Relying on an obsolete authentication method can prevent your application from connecting to modern MongoDB deployments, potentially causing outages. Using older, unsupported authentication methods may also expose your system to security risks that have been fixed in newer authentication protocols.
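
One way to check a code base for the pattern described above, as an added example (not this rule's own implementation): a standard-library `ast` scan that flags 'MONGODB-CR' passed as pymongo's `authMechanism` keyword or set in a connection URI. The helper names, sample source, host name and credentials are constructed for illustration.

```python
import ast
from urllib.parse import parse_qs

OBSOLETE = "MONGODB-CR"

def _uri_selects_obsolete(value):
    """True if a MongoDB connection URI string sets authMechanism=MONGODB-CR."""
    if not value.lower().startswith(("mongodb://", "mongodb+srv://")):
        return False
    options = parse_qs(value.partition("?")[2])
    # Connection-string option names are case-insensitive.
    return any(name.lower() == "authmechanism" and OBSOLETE in values
               for name, values in options.items())

def find_mongodb_cr(source, filename="<src>"):
    """Return sorted (line, reason) pairs for each MONGODB-CR use in source."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            # Keyword form: MongoClient(..., authMechanism="MONGODB-CR")
            for kw in node.keywords:
                if (kw.arg == "authMechanism"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value == OBSOLETE):
                    findings.append((kw.value.lineno, "authMechanism keyword"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # URI form: "mongodb://...?authMechanism=MONGODB-CR"
            if _uri_selects_obsolete(node.value):
                findings.append((node.lineno, "authMechanism in URI"))
    return sorted(findings)

# Constructed sample: two flagged connections and one using SCRAM-SHA-256.
SAMPLE = '''\
from pymongo import MongoClient

legacy = MongoClient("db.example.internal", username="app", password=PW,
                     authMechanism="MONGODB-CR")
by_uri = MongoClient("mongodb://app:pw@db.example.internal/app?authMechanism=MONGODB-CR")
fixed = MongoClient("db.example.internal", username="app", password=PW,
                    authMechanism="SCRAM-SHA-256")
'''

if __name__ == "__main__":
    for line, reason in find_mongodb_cr(SAMPLE):
        print(f"line {line}: obsolete MONGODB-CR ({reason})")
```

The scan only sees string literals, so a mechanism name read from configuration or an environment variable needs a separate check of those sources.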