Article from: HTTP://NEWS.WOOYUN.ORG/6E6C384F2F613661377257644B346C6F75446F4C77413D3D
Servers that match the "improperly configured Redis service" conditions described in this alert are at risk of being taken over by an attacker.
On November 4, foreign security researcher @antirez disclosed a high-risk security issue affecting Redis services. He found that if the Redis service is improperly configured, it can be combined with the SSH service to obtain root privileges on the server directly. The improper server configuration consists of three parts:
- The Redis service is started with the root account;
- The Redis service has no password authentication, or only weak password authentication;
- The server exposes the SSH service and allows key-based login.
Servers that meet the above conditions are at risk of being controlled by an attacker. White hats on WooYun have already found affected sites and submitted vulnerability reports, and the security scanning service TangScan has observed that attackers have begun exploiting the vulnerability to attack domestic servers.
Redis is an open-source NoSQL database that is often used to speed up data reads and writes and to speed up website access. According to db-engines.com data, it is the most popular NoSQL database in the world and is used in a huge number of internet products.
WooYun recommends that sites using Redis check for misconfiguration as soon as possible. If you find a problem, you can fix it as follows:
- Do not start the Redis service with the root account;
- Enable password authentication for Redis access, and add IP access restrictions;
- As far as possible, do not expose the SSH service directly to the public network.
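The three conditions from the alert can be checked offline against a host's configuration files. The following is an added example, not code from the original article: it assumes the IP restriction is applied with the `bind` directive in redis.conf, that the caller supplies the account the Redis process runs as, and it uses a constructed weak-password list and a 16-character minimum as illustrative thresholds.

```python
# Constructed weak-password list for illustration; extend it with your own.
WEAK = {"redis", "123456", "password", "admin", "foobared"}

def directives(text, first_wins=False):
    """Parse 'keyword value' lines; keywords are treated case-insensitively."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if not (first_wins and key in out):
            out[key] = val
    return out

def audit(redis_conf, sshd_conf, redis_user):
    """Return which of the alert's risk conditions hold for this host."""
    r = directives(redis_conf)                   # redis.conf: later lines override
    s = directives(sshd_conf, first_wins=True)   # sshd_config: first value is used
    findings = []
    if redis_user == "root":
        findings.append("redis-runs-as-root")
    pw = r.get("requirepass", "")
    if not pw:
        findings.append("no-password")
    elif pw.lower() in WEAK or len(pw) < 16:     # 16 is an assumed threshold
        findings.append("weak-password")
    binds = [b.lstrip("-") for b in r.get("bind", "").split()]
    if not binds or any(b in ("0.0.0.0", "*", "::", "::*") for b in binds):
        findings.append("listens-on-all-interfaces")
    if s.get("pubkeyauthentication", "yes").lower() != "no":  # sshd default: yes
        findings.append("ssh-key-login-enabled")
    return findings

# Constructed sample inputs (not taken from any real host).
SAMPLE_REDIS = "port 6379\n# requirepass foobared\n"
SAMPLE_SSHD = "PermitRootLogin yes\nPubkeyAuthentication yes\n"
HARDENED_REDIS = "bind 127.0.0.1\nrequirepass 9f2c1e7a4b8d4c0f93a1e5d7\n"

if __name__ == "__main__":
    print(audit(SAMPLE_REDIS, SAMPLE_SSHD, "root"))
    print(audit(HARDENED_REDIS, SAMPLE_SSHD, "redis"))
```

A host is in the state the alert describes when the root, password and SSH findings appear together; the listening-interface finding shows whether the IP restriction from the fix list is in place.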
Update: After the alert was released, white hats at enterprises informed WooYun that there are signs of attackers scanning for and exploiting this issue across the network on a large scale. Once again, sites that use Redis should start a self-examination and confirm their risk.
Improper Redis configuration can cause the server to be controlled and multiple websites affected #General Application Security Alert#