Background
The company acquired another company, so the back-end services and servers that came with it were handed over to me to manage. There was no handover document; I probably glanced at the code and dependencies and then went off to work on something else.
Until today, when the cyber police called me out of the blue to say there was a vulnerability in the system (CVE-2021-29441) and gave me the access address.
Good grief: the username and password are visible directly, no brute force needed, and they were all still the default passwords, so that identity can then be used to fetch things.
Fix
As far as I understand, two main version ranges are involved:
- Nacos < 1.4.0: this version hardcodes a check on the `User-Agent: Nacos-Server` request header, so a request carrying that header can use the interface to obtain user information.
- Nacos <= 2.2.0: similar to the above, except the check went from hardcoded to configurable, but with a shipped initial value; that initial value was removed in later releases.
Just follow the official site to fix it:
/blog/faq/nacos-user-question-history14945/
For the reproduction procedure, see:
/developer/article/1784279
Below 1.4.0 you must upgrade; for the other versions, just change the default configuration and restart!
Or expose the service only on the intranet.
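To make "change the default configuration" concrete, here is an added example (my own code, not from the post or from the Nacos project) that audits a Nacos server `application.properties` for the settings behind this bypass: auth switched off, the `Nacos-Server` User-Agent whitelist left on, and the server identity and token secret left at their shipped values. The property names are the ones documented for Nacos 2.x; the shipped default values it compares against (identity `serverIdentity`/`security`, a token key beginning `SecretKey0123`) are an assumption from memory of those releases and should be checked against your own install. Both sample files are constructed.

```python
"""Audit a Nacos application.properties for the weak defaults behind the
CVE-2021-29441-style auth bypass. Added example; not the post's or Nacos' code."""
import re

# Constructed sample: a server left at the shipped defaults (weak).
WEAK_PROPERTIES = """
server.port=8848
nacos.core.auth.enabled=false
nacos.core.auth.enable.userAgentAuthWhite=true
nacos.core.auth.server.identity.key=serverIdentity
nacos.core.auth.server.identity.value=security
nacos.core.auth.plugin.nacos.token.secret.key=SecretKey0123456789012345678901234567890123456789012345678901234567
"""

# Constructed sample: the same server after hardening (values are placeholders).
HARDENED_PROPERTIES = """
server.port=8848
nacos.core.auth.enabled=true
nacos.core.auth.enable.userAgentAuthWhite=false
nacos.core.auth.server.identity.key=X-Acme-Server-Identity
nacos.core.auth.server.identity.value=REPLACE_WITH_RANDOM_VALUE_9f3c1a7e
nacos.core.auth.plugin.nacos.token.secret.key=REPLACE_WITH_BASE64_KEY_OF_AT_LEAST_32_BYTES_xxxxxxxxxxxxxxxxxx
"""

# Shipped defaults (assumption from the Nacos 2.x releases I have seen; verify
# against your own distribution). Any of these still in place is a finding.
DEFAULT_IDENTITY = ("serverIdentity", "security")
DEFAULT_SECRET_PREFIX = "SecretKey0123"


def parse_properties(text: str) -> dict:
    """Minimal Java .properties parser: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit_nacos_auth(text: str) -> list:
    """Return a list of findings; an empty list means the checked settings look hardened."""
    p = parse_properties(text)
    findings = []

    # 1. Authentication must be switched on at all, otherwise nothing below matters.
    if p.get("nacos.core.auth.enabled", "false").lower() != "true":
        findings.append("auth disabled: set nacos.core.auth.enabled=true")

    # 2. The User-Agent: Nacos-Server whitelist is the < 1.4.0 bypass; require it
    #    to be explicitly off, since older 1.4.x builds defaulted it on.
    if p.get("nacos.core.auth.enable.userAgentAuthWhite", "true").lower() != "false":
        findings.append("User-Agent 'Nacos-Server' whitelist not disabled: "
                        "set nacos.core.auth.enable.userAgentAuthWhite=false")

    # 3. Server-to-server identity header must be private, not the shipped pair.
    key = p.get("nacos.core.auth.server.identity.key", "")
    val = p.get("nacos.core.auth.server.identity.value", "")
    if not key or not val:
        findings.append("server identity key/value not set")
    elif (key, val) == DEFAULT_IDENTITY:
        findings.append("server identity key/value are the shipped defaults")

    # 4. The JWT signing secret must be private and long enough for HS256
    #    (base64 of 32 bytes is 44 characters).
    secret = p.get("nacos.core.auth.plugin.nacos.token.secret.key", "")
    if not secret:
        findings.append("token secret key not set")
    elif secret.startswith(DEFAULT_SECRET_PREFIX):
        findings.append("token secret key is the shipped default: anyone can mint tokens")
    elif len(secret) < 44:
        findings.append("token secret key too short for a 256-bit HS256 key")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(f"[{name}] {len(audit_nacos_auth(text))} finding(s)")
        for f in audit_nacos_auth(text):
            print("  -", f)
```

Run it against your real `conf/application.properties` by replacing the constructed strings with the file contents; a clean result still does not replace the upgrade for anything below 1.4.0, where the header check is compiled in and no property turns it off.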
References:
- /blog/faq/nacos-user-question-history14945/
- /docs/latest/guide/user/auth/
- /developer/article/1784279
- /spmonkey/p/
- /thespace/p/
- /m0_52985087/article/details/136879673
- /Innocence_0/article/details/139087969
Here's a block of anti-crawling code. I don't mind articles being crawled, but please credit where it comes from:
("Author's homepage:/Go-Solo");;
("Original post address: /Go-Solo/p/18408669");;