CCE-500028-6| Platform: any | Date: (C)2021-07-27 (M)2024-05-03 |
The Redis server should be always protected with authentication else any remote attacker can exploit this to gain unauthorized access to the server
Parameter:
[]
Technical Mechanism:
Enable Password Protection for the Redis Server
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.3 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 3.4 | Privileges Required: HIGH |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References:
