Service: redis-server
Protocol: TCP
Port: 6379
Used for: In-memory data store, caching
Why It's Open
Fast, powerful key-value store. It ships with no password set, and versions before 3.2 (which introduced protected mode) listened on every interface by default. Plenty of deployments still set bind 0.0.0.0 or protected-mode no, which leaves the instance reachable by anyone without authentication.
Common Risks
- No auth required: no requirepass or ACL, so anyone who can reach the port gets the full command set
- Write access to the filesystem: CONFIG SET dir / CONFIG SET dbfilename followed by SAVE writes an RDB dump wherever the Redis process can write (authorized_keys, a cron directory, a webroot)
- Code execution: Lua sandbox escapes through EVAL, MODULE LOAD of an attacker-supplied shared object, or the file write above chained into SSH, cron or a webshell
Enumeration & Testing
Check if it's open
nmap -p 6379 -sV <target>
Redis check
redis-cli -h <target> ping
redis-cli -h <target> info
redis-cli -h <target> config get *
redis-cli -h <target> keys *
redis-cli -h <target> set testkey "testvalue"
redis-cli -h <target> get testkey
redis-cli -h <target> del testkey
redis-cli -h <target> flushall
Reading the results: PONG with no AUTH means the instance is unauthenticated; NOAUTH means requirepass or an ACL is set; DENIED means protected mode refused a non-loopback client. From info, record redis_version (to match the CVEs below), os, executable and config_file. From config get *, record dir, dbfilename, protected-mode and whether requirepass is empty: a writable dir/dbfilename is the basis of the file-write RCE path. keys * blocks the server for its whole run on large datasets (redis-cli --scan is safer), and flushall destroys every key in every database: only run it with explicit written authorization, and remove your own testkey with del when you are done.
What to Look For
| Checkpoint | What it means |
|---|---|
| Unauthenticated (PING returns PONG without AUTH) | Full access to the in-memory DB and to every command, including CONFIG |
| Open to the internet (bind 0.0.0.0 or protected-mode no) | Known, mass-scanned attack vector |
| CONFIG GET dir / dbfilename succeeds | Dump-file location is readable and, with CONFIG SET, changeable: the file-write RCE path |
| redis_version in INFO | Match against the fixed versions in the CVEs below |
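The commands and checkpoints above can be reduced to a single probe that speaks the Redis protocol directly. This is an added example, not code from the page or from the Redis project; it assumes RESP2 on port 6379, and the SAMPLE_* replies and the default host are constructed for illustration.

```python
"""RESP probe for the Redis exposure checks above (added example, not from the
page or the Redis project). Talks RESP2 over a raw socket, so it needs neither
redis-cli nor a client library, and reduces the replies to the checkpoints in
the table. Hostnames and the SAMPLE_* replies are constructed for illustration."""
import socket
import sys
from typing import Any, Dict, List, Tuple

class RespError(Exception): pass   # error reply: '-NOAUTH ...', '-DENIED ...'
class Incomplete(Exception): pass  # buffer lacks a whole reply; read more first

def encode_command(*args: str) -> bytes:
    """Encode one command as a RESP array of bulk strings."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(out)

def parse_resp(buf: bytes, pos: int = 0) -> Tuple[Any, int]:
    """Parse one RESP2 value at buf[pos]; return (value, position after it)."""
    end = buf.find(b"\r\n", pos)
    if end < 0:
        raise Incomplete
    kind, line, nxt = buf[pos:pos + 1], buf[pos + 1:end], end + 2
    if kind == b"+":                                   # simple string
        return line.decode(), nxt
    if kind == b"-":                                   # error
        return RespError(line.decode()), nxt
    if kind == b":":                                   # integer
        return int(line), nxt
    if kind == b"$":                                   # bulk string, $-1 is nil
        n = int(line)
        if n < 0:
            return None, nxt
        if len(buf) < nxt + n + 2:
            raise Incomplete
        return buf[nxt:nxt + n].decode(), nxt + n + 2
    if kind == b"*":                                   # array, *-1 is nil
        n = int(line)
        if n < 0:
            return None, nxt
        items: List[Any] = []
        for _ in range(n):
            item, nxt = parse_resp(buf, nxt)
            items.append(item)
        return items, nxt
    raise ValueError("unknown RESP type %r" % kind)

# Sent pipelined in one write. CONFIG GET dir/dbfilename is what the
# CONFIG SET + SAVE file-write path depends on, so its readability matters.
PROBE = (("PING",), ("CONFIG", "GET", "dir"),
         ("CONFIG", "GET", "dbfilename"), ("CONFIG", "GET", "protected-mode"))

def parse_replies(buf: bytes, count: int) -> List[Any]:
    """Parse up to `count` consecutive replies, stopping at the first incomplete
    one (a protected-mode server answers once and closes the connection)."""
    out: List[Any] = []
    pos = 0
    for _ in range(count):
        try:
            value, pos = parse_resp(buf, pos)
        except Incomplete:
            break
        out.append(value)
    return out

def classify(replies: List[Any]) -> Dict[str, Any]:
    """Map raw replies onto the checkpoints from the table above."""
    ping = replies[0] if replies else None
    err = ping.args[0] if isinstance(ping, RespError) else ""
    cfg: Dict[str, str] = {}
    for reply in replies[1:]:
        if isinstance(reply, list):                    # CONFIG GET -> [name, value, ...]
            cfg.update(zip(reply[::2], reply[1::2]))
    dump = None
    if "dir" in cfg and "dbfilename" in cfg:
        dump = cfg["dir"].rstrip("/") + "/" + cfg["dbfilename"]
    return {"unauthenticated": ping == "PONG",
            "auth_required": err.startswith("NOAUTH"),
            "protected_mode_denied": err.startswith("DENIED"),
            "config_readable": "dir" in cfg,
            "protected_mode": cfg.get("protected-mode"),
            "dump_path": dump}

def probe(host: str, port: int = 6379, timeout: float = 3.0) -> Dict[str, Any]:
    """Connect, send PROBE, read until all replies are in or the server hangs up."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"".join(encode_command(*cmd) for cmd in PROBE))
        while len(parse_replies(buf, len(PROBE))) < len(PROBE):
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify(parse_replies(buf, len(PROBE)))

# Constructed replies as three kinds of server would send them (not captured traffic).
SAMPLE_OPEN = (b"+PONG\r\n*2\r\n$3\r\ndir\r\n$14\r\n/var/lib/redis\r\n"
               b"*2\r\n$10\r\ndbfilename\r\n$8\r\ndump.rdb\r\n"
               b"*2\r\n$14\r\nprotected-mode\r\n$2\r\nno\r\n")
SAMPLE_AUTH = b"-NOAUTH Authentication required.\r\n" * len(PROBE)
SAMPLE_PROTECTED = b"-DENIED Redis is running in protected mode\r\n"

if __name__ == "__main__":                             # python3 redis_probe.py <target>
    for key, value in probe(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1").items():
        print(f"{key}: {value}")
```

The probe sends only read commands. PONG together with a populated dump_path is the unauthenticated row of the table, NOAUTH means requirepass or ACLs are in place, and DENIED means protected mode is doing its job; classify(parse_replies(SAMPLE_OPEN, len(PROBE))) shows the first case offline.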
Known Exploits
- CVE-2015-4335: Redis before 2.8.21 and 3.x before 3.0.2 let any client load Lua bytecode through EVAL and escape the Lua sandbox, giving arbitrary code execution on an unauthenticated server.
- CVE-2018-11218: stack-based buffer overflows in the bundled cmsgpack library of the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10 and 5.x before 5.0 RC2, reachable via a crafted Lua script passed to EVAL.
- CVE-2022-0543: Debian and Ubuntu packages of Redis shipped Lua with its package library exposed, so EVAL could call package.loadlib and run arbitrary native code; this was a packaging bug, not an upstream Redis bug, and was fixed in the distribution packages in 2022.
- No CVE needed: on an unauthenticated instance, CONFIG SET dir and CONFIG SET dbfilename followed by SAVE write an RDB file to any path the Redis user can reach (SSH authorized_keys, a cron directory, a webroot). This has been the standard exploitation path for years and works on fully patched versions.
Mitigation
- Bind to 127.0.0.1 (or a private interface only), keep protected-mode yes, and firewall 6379 so it is never reachable from the internet.
- Require authentication: requirepass with a long random secret, or Redis 6+ ACLs with per-user passwords and command restrictions; add TLS when clients connect over a network.
- Disable or rename dangerous commands (CONFIG, FLUSHALL, FLUSHDB, DEBUG, MODULE, SAVE, BGSAVE, REPLICAOF/SLAVEOF) with rename-command or an ACL that denies @dangerous, run Redis as an unprivileged user that can write only its own dir, and alert on CONFIG SET, REPLICAOF/SLAVEOF and MODULE commands in logs or monitoring.
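The mitigation list maps directly onto redis.conf directives, so the settings can be checked mechanically. The following audit is an added example, not code from the page or the Redis project; it assumes the Redis 6/7 directive names (bind, protected-mode, requirepass, user, aclfile, rename-command), and both sample configs are constructed rather than taken from real hosts.

```python
"""Audit a redis.conf for the settings listed under Mitigation (added example,
not from the page or the Redis project). Directive names follow Redis 6/7:
bind, protected-mode, requirepass, user, aclfile, rename-command. The two
sample configs are constructed, not taken from real hosts."""
import shlex
import sys
from typing import Dict, List

# Commands a reachable client must not have: CONFIG (rewrite dir/dbfilename),
# SAVE/BGSAVE (write the dump there), FLUSH* (wipe data), DEBUG (crash),
# MODULE (load native code), REPLICAOF/SLAVEOF (pull a rogue master's dump).
DANGEROUS = ("CONFIG", "FLUSHALL", "FLUSHDB", "DEBUG", "MODULE",
             "SAVE", "BGSAVE", "REPLICAOF", "SLAVEOF")
WILDCARD_BIND = {"0.0.0.0", "*", "::", "::*"}

def parse_conf(text: str) -> Dict[str, List[List[str]]]:
    """One 'directive arg ...' per line. Only whole-line '#' comments are skipped,
    matching Redis's own loader; repeated directives are kept in order."""
    conf: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def audit(text: str) -> List[str]:
    """Return finding codes; an empty list means every check passed."""
    conf = parse_conf(text)
    findings: List[str] = []

    # No bind line means every interface (any redis-server started without a
    # config file does this); a wildcard address does the same explicitly.
    addrs = {a.lstrip("-") for a in conf.get("bind", [[]])[0]}   # 6.x allows '-::1'
    if not addrs or addrs & WILDCARD_BIND:
        findings.append("bind-all-interfaces")

    # protected-mode (default yes since 3.2) is what refuses remote clients
    # when neither bind nor a password is set; 'no' removes that guard rail.
    mode = conf.get("protected-mode", [["yes"]])[0]
    if mode and mode[0].lower() == "no":
        findings.append("protected-mode-off")

    # Authentication: requirepass, an external ACL file, or an inline user rule
    # carrying a password ('>plain' or '#sha256').
    has_pass = any(args and args[0] for args in conf.get("requirepass", []))
    has_acl = "aclfile" in conf or any(
        t.startswith((">", "#")) for args in conf.get("user", []) for t in args)
    if not (has_pass or has_acl):
        findings.append("no-auth")

    # Dangerous commands: renamed away (to "" disables them) or denied by ACL.
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if len(args) == 2}
    acl_denied = any("-@dangerous" in args or "-@all" in args for args in conf.get("user", []))
    if not acl_denied:
        findings.extend(f"dangerous-command-exposed:{cmd}" for cmd in DANGEROUS if cmd not in renamed)
    return findings

# Constructed: the exposed shape behind most Redis compromises, and a hardened one.
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
dir /var/lib/redis
"""

HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "replace-with-a-long-random-secret"
rename-command CONFIG ""
rename-command FLUSHALL ""
rename-command FLUSHDB ""
rename-command DEBUG ""
rename-command MODULE ""
rename-command SAVE ""
rename-command BGSAVE ""
rename-command REPLICAOF ""
rename-command SLAVEOF ""
"""

if __name__ == "__main__":                   # python3 redis_conf_audit.py /etc/redis/redis.conf
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONF
    print("\n".join(audit(text)) or "no findings")
```

audit(WEAK_CONF) reports the bind, protected-mode and authentication gaps plus one finding per exposed dangerous command, while audit(HARDENED_CONF) returns nothing. The check only reads the file it is given: rules that live in an external aclfile are credited as "authentication present" but their command denials are not inspected, so verify those with ACL LIST on the running server.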
TL;DR
- Service: Redis (In-memory data store)
- Default Port: 6379
- Risks: Unauthenticated access, RCE via Lua sandbox escapes, MODULE LOAD or CONFIG SET file writes, data theft or destruction (FLUSHALL)
- Mitigation: Bind to localhost or a trusted interface with protected-mode on, require authentication (requirepass or ACLs), disable or rename dangerous commands