Ebuka John Onyejegbu

0 %
Ebuka John Onyejegbu
Red Teamer
Incidence Responder
SANS GCIH | OSCP
  • Residence:
    Nigeria
  • City:
    Lagos
Batch
Bash
Powershell
html
CSS
Js
PHP
WordPress
  • Linux, Windows
  • Windows Server
  • Linux Server
  • Cloud, Azure, AWS, Oracle
0

No products in the cart.

Redis Server Unprotected by Password Authentication

August 9, 2022

Vulnerability: Redis Server Unprotected by Password Authentication

Severity: High

Description: The Redis server running on the remote host is not protected by password authentication. A remote attacker can exploit this to gain unauthorized access to the server.

Solution: Enable the ‘requirepass’ directive in the redis.conf configuration file.

Steps

Log in to the server using SSH. Putty can be used for this.

Verify that Redis is running:

redis-cli

 

Open the Redis configuration file for editing:

nano /etc/redis/redis.conf

 

If the file is not found in that path, check

 /etc/redis.conf

 

If the file is not found in that path as well, enter the following to search for the configuration file (ensure you are in the root folder when searching):

locate redis.conf

 

Configure a Redis password:

When the file has been opened for editing using nano, scroll to the SECURITY section and look for a commented directive that reads:

# requirepass foobared

 

If this is not found manually, use CTRL+W to search for

requirepass

 

Uncomment the line and enter a password of your choice so that it looks like

requirepass passwordofyourchoice2021

 

Save the config file and exit

 

Restart the redis-server

sudo service redis-server restart

 

For Windows

navigate to

C:\Program Files\Redis.
Open the redis.conf or redis-windows.conf

Edit the requirepass line, same as with the Linux stated above.

 

Uncomment the line and enter a password of your choice so that it looks like

requirepass passwordofyourchoice2021

 

Save the config file and exit

Posted in Vulnerability RemediationTags:
Write a comment