Why Redis Unauthorized Access Is a Critical Threat and How to Fix It
This article explains a high‑severity Redis unauthorized‑access vulnerability that can let attackers write SSH keys to the host, highlights the risk of exposing Redis to the Internet without authentication, and provides guidance on remediation and network protection.
This article, authored by senior security expert Yu Xian, warns about a severe Redis unauthorized‑access vulnerability that can allow attackers to compromise systems, even if Redis is not publicly exposed.
Vulnerability Overview
By default Redis binds to 0.0.0.0:6379, exposing the service to the Internet. Without authentication, any reachable client can access Redis data.
Attackers can use Redis commands to write their public key into /root/.ssh/authorized_keys, granting SSH access to the host.
Vulnerability Description
Redis’s own security documentation advises never exposing the service to untrusted networks, because an unauthenticated Redis instance is inherently dangerous.
The developers chose not to enforce authentication, assuming 99.99% of deployments run in isolated environments; adding security rules for the remaining 0.01% was deemed not cost‑effective.
However, many deployments bind to 0.0.0.0:6379 without authentication, and without firewall rules, the service is publicly reachable.
Using Redis’s file‑write capabilities, an attacker can place a public key into /root/.ssh/authorized_keys and log in directly.
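To make the exposed default and its remediation concrete, here is an added configuration audit (not code from the original article or from the Redis project): it parses a redis.conf and flags the weak settings this article describes, using the standard directives bind, requirepass, protected-mode (Redis 3.2+) and rename-command. The two config samples are constructed for illustration.

```python
# Constructed sample: the exposed default the article describes.
WEAK_CONF = """
bind 0.0.0.0
port 6379
# requirepass foobared
"""

# Constructed sample: the same file after remediation.
HARDENED_CONF = """
bind 127.0.0.1 ::1
port 6379
protected-mode yes
requirepass CHANGE-ME-long-random-secret
rename-command CONFIG ""
rename-command FLUSHALL ""
"""

ALL_INTERFACES = {"0.0.0.0", "*", "::"}


def parse_conf(text):
    """Map each active redis.conf directive to the list of its value strings."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), []).append(value.strip())
    return conf


def audit_redis_conf(text):
    """Return findings; an empty list means the checked controls are present."""
    conf = parse_conf(text)
    findings = []
    # A missing 'bind' line means Redis listens on every interface.
    for value in conf.get("bind", ["0.0.0.0"]):
        if ALL_INTERFACES & set(value.split()):
            findings.append("bind: listens on all interfaces; bind to loopback or an internal address")
            break
    if not any(v.strip('"') for v in conf.get("requirepass", [])):
        findings.append("requirepass: not set; any client connects without authentication")
    if any(v.lower() == "no" for v in conf.get("protected-mode", [])):
        findings.append("protected-mode: disabled; Redis 3.2+ refuses remote clients by default")
    renamed = {v.split()[0].lower() for v in conf.get("rename-command", []) if v.split()}
    if "config" not in renamed:
        findings.append("CONFIG: not renamed; remote clients can redirect dir/dbfilename and write files")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(text) or ["no findings"])
```

Run it against your real redis.conf path; the audit is static, so pair it with a firewall rule check for port 6379 on the host.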
Impact
Any Redis instance exposed to the Internet without authentication or proper network controls can be exploited.
ZoomEye reports about 97,700 publicly accessible Redis servers.
Vulnerability ID: SSV-89715
Submitted: 2015-11-11
Disclosed/discovered: Unknown
Severity: High (8)
Category: Unauthorized access
Author: Unknown
Submitter: Root
Affected component: Redis
Efficient Ops: This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.