[Vulnerability notice] Root account privilege escalation vulnerability caused by improper configuration of Redis

Description

The Redis service was exposed to have a vulnerability that may be maliciously exploited by attackers because of improper configuration.

With Redis’s built-in commands, hackers can maliciously delete all existing data. If Redis is run with the root account, hackers can write SSH public key files to the server and directly log on to the server.

Affected versions

Redis servers that are open to the Internet and have not enabled authentication for access

Fix

Note: You must restart Redis to bring the changes into effect.

• Limit IP addresses allowed to access the database. Modify bind 127.0.0.1 in redis.conf to the IP addresses allowed to access the database.

• Set the access password. Add your expected access password after the requirepass field in redis.conf.

• Change the Redis running account. Run the Redis service with an account with lower permissions and disable the logon permission for this account.