🗄️ Unauthenticated Redis Access

📌 Description

Redis is an open-source in-memory data structure store. If not correctly configured, it may be exposed on Port 6379 without a password, allowing anyone to read the database, modify keys, or even gain code execution in some cases.

🔍 How to Test

Connect via redis-cli: redis-cli -h <IP>
Test access: info
List keys: keys *
Get value: get <key>

🛠️ Mitigations

Require Password: Set requirepass in redis.conf.
Bind to Loopback: Ensure Redis only listens on 127.0.0.1.
Change Port: Use a non-standard port.

🏁 Redeemer

🛡️ Cyber with KT Vault

Explorer

Unauthenticated_Redis

🗄️ Unauthenticated Redis Access

📌 Description

🔍 How to Test

🛠️ Mitigations

Graph View

Table of Contents

🛡️ Cyber with KT Vault

Explorer

Unauthenticated_Redis

🗄️ Unauthenticated Redis Access

📌 Description

🔍 How to Test

🛠️ Mitigations

🏷️ Related Machines

Graph View

Table of Contents