Redis Unauthorized Access Vulnerability

I. Vulnerability description and HARM

Redis is improperly configured for unauthorized access and is exploited maliciously by attackers.
An attacker who does not require authentication to access internal data may lead to the disclosure of sensitive information, and hackers can maliciously execute flushall to clear all data.

An attacker could execute LUA code through eval, or write backdoor files to disk via data backup, and if Redis was running as root, the hacker could write an SSH public key file to the root account and log in directly to the victim server via SSH.

Ii. software and systems that have been identified for successful use

Redis servers that are open to the public and do not have authentication enabled.

Iii. Proposed rehabilitation programme

1. Specify the network card used by the Redis service (requires a restart of Redis to take effect)
Find "# bind 127.0.0.1" in the redis.conf file, remove the previous # number and save it. Note: Only native can access Redis after modification.

2. Set access password (requires a restart of Redis to take effect)
Find the "requirepass" field in the redis.conf, then fill in the password you need, and the Redis client will need to use this password to access the Redis service.

3. Modify Redis Service running account
Please run the Redis service with a lower privileged account and disable the login permission for that account. You can restrict an attacker to writing files to a disk, but Redis data can be accessed by hackers or hacked by malicious hackers.

4. Set Firewall Policy

If the Redis service in the normal business needs to be accessed by another server, you can set the Iptables policy to allow only the specified IP to access the Redis service.

Redis Unauthorized Access Vulnerability