10.0-severity RCE flaw puts 60,000 Redis instances at risk

Lack of Redis authentication is a widespread issue: while Redis supports authentication, it is often deployed without it, especially on internal networks, but also on the internet. For example, the Wiz researchers note that in 57% of cloud environments, Redis is deployed as a container image, and the official Redis container on Docker Hub does not have authentication enabled by default.

"The combination of no authentication and exposure to the internet is highly dangerous, allowing anyone to query the Redis instance and, specifically, send Lua scripts (which are enabled by default)," the researchers note. "This enables attackers to exploit the vulnerability and achieve RCE within the environment."

Around 300,000 Redis instances are exposed to the internet, and an estimated 60,000 of them do not have authentication turned on. Many more are likely deployed on internal networks without additional security hardening, where any internal host can connect to them.

Redis servers are a common target, along with other cloud-native technologies, for groups that deploy cryptominers on servers. In the past, other Redis Lua sandbox escape vulnerabilities, such as CVE-2022-0543, which specifically impacted the Debian Redis package, were exploited by peer-to-peer worms.
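The exposure pattern the article describes is a configuration problem: no authentication, a listener reachable beyond localhost, and Lua scripting left available to every client. The following audit script is an added example written for this page, not code from Wiz, CSO Online or the Redis project. It holds a constructed unhardened redis.conf beside a hardened one and flags the three conditions. The password value is a placeholder, and the ACL evaluation is a deliberate simplification that models only the `@scripting`/`eval` permission of the `default` user (rules are applied in order, later rules overriding earlier ones, as real Redis ACLs do); `requirepass`, `bind`, `protected-mode`, `rename-command` and the `user` ACL directive are real redis.conf directives.

```python
"""Audit a redis.conf for the exposure pattern in the article: reachable
without authentication, bound to a public address, and Lua scripting
available to any client. The sample configurations are constructed."""

# Constructed: an unhardened configuration resembling an exposed default
# deployment (no password, public bind, protected mode off, scripting open).
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed: a hardened counterpart. The password is a placeholder.
# The ACL line removes the scripting command category from the default user;
# rule order matters, so -@scripting must come after +@all.
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass CHANGE_ME_PLACEHOLDER
# Keep every command except EVAL/EVALSHA/SCRIPT/FUNCTION for the default user.
user default on >CHANGE_ME_PLACEHOLDER ~* &* +@all -@scripting
"""

WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::*"}


def parse_conf(text):
    """Return a dict mapping lowercased directive name -> list of argument
    lists. Blank and comment lines are skipped; directives may repeat."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def scripting_allowed_for_default_user(directives):
    """Simplified ACL evaluation for the 'default' user: a fresh Redis grants
    it all commands; later rules override earlier ones. Only the rules that
    affect the scripting category are modelled here (simplification)."""
    allowed = True
    for args in directives.get("user", []):
        if not args or args[0] != "default":
            continue
        for rule in args[1:]:
            r = rule.lower()
            if r in ("+@all", "allcommands", "+@scripting", "+eval"):
                allowed = True
            elif r in ("-@all", "nocommands", "-@scripting", "-eval"):
                allowed = False
    # Legacy hardening: renaming EVAL to the empty string disables it.
    for args in directives.get("rename-command", []):
        if len(args) >= 2 and args[0].lower() == "eval" and args[1] in ('""', "''"):
            allowed = False
    return allowed


def audit_conf(text):
    """Return a list of finding codes in a fixed order; [] means clean."""
    directives = parse_conf(text)
    findings = []

    # 1. Authentication: requirepass, or a password (>plain / #sha256) on the
    #    default ACL user, and no 'nopass' flag that would cancel it.
    default_rules = [a[1:] for a in directives.get("user", []) if a and a[0] == "default"]
    nopass = any("nopass" in [r.lower() for r in rules] for rules in default_rules)
    has_password = "requirepass" in directives or any(
        any(r.startswith((">", "#")) for r in rules) for rules in default_rules)
    if nopass or not has_password:
        findings.append("NO_AUTH")

    # 2. Network exposure: no bind line at all, or a wildcard address.
    #    A leading '-' marks an optional address in Redis bind syntax.
    binds = directives.get("bind", [])
    addrs = [a.lstrip("-") for args in binds for a in args]
    if not binds or any(a in WILDCARD_BINDS for a in addrs):
        findings.append("PUBLIC_BIND")
    if any(args and args[0].lower() == "no" for args in directives.get("protected-mode", [])):
        findings.append("PROTECTED_MODE_OFF")

    # 3. Lua scripting reachable by the default user.
    if scripting_allowed_for_default_user(directives):
        findings.append("SCRIPTING_ALLOWED")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit_conf(conf) or 'no findings'}")
```

Running the script reports all four findings for the weak configuration and none for the hardened one. In practice the same checks belong in a CI step over the rendered redis.conf or container entrypoint arguments, since the article's point is that the container image itself ships without a password.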

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4069136/10-0-severity-rce-flaw-puts-60000-redis-instances-at-risk.html
