I. Vulnerability description and hazard
Redis can be accessed without authorization due to improper configuration, which is maliciously exploited by attackers.
An attacker doesn’t need authentication to access internal data, which can cause sensitive information to leak. A hacker can also maliciously execute flushall to flush out all data.
An attacker can execute Lua code through EVAL or write backdoor files to the disk through data backup. If Redis runs as root, the hacker can write SSH public key files to the root account and directly log in to the victim server through SSH.
Software and systems that have been successfully utilized
A Redis server that is open to the public network and is not authenticated.
Iii. Suggested repair plan
1, specify the network adapter used by redis service (redis needs to be restarted to take effect)
In the redis. Conf file, find “# bind 127.0.0.1”, remove the # sign, and save. Note: Redis can only be accessed on this machine.
2, set access password (need to restart redis to take effect)
Go to the “requirePass” field in redis.conf and fill in the password you need, which redis clients will also need to access the Redis service
3. Modify the Redis service operation account
Run the Redis service with a lower permission and disable the login permission of the account. Attackers can be restricted from writing files to disk, but Redis data can still be accessed or maliciously deleted by hackers.
4. Configure firewall policies
If the Redis service needs to be accessed by other servers, you can set the iptables policy to allow only the specified IP address to access the Redis service. 111111