Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-29441

Published: 27/04/2021 Updated: 07/05/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Github Repositories

https://github.com/Dghpi9/NacosDefaultToken

Alibaba Nacos存在默认token.secret.key,导致远程攻击者可以绕过密钥认证接管Nacos

首发于t00lscom,仅限安全自检,非法使用所造成的一切后果由使用者承担 漏洞原理 好多大佬都分享过了,这里就简单说下: Nacos漏洞版本/conf 默认配置文件 applicationproperties 中,nacoscoreauthdefaulttokensecretkey 使用了硬编码,使用该key可构造jwt进行token认证。 认证成功后获得accessToken ,

https://github.com/ffffffff0x/Pentest101

一些关于渗透测试的Tips

Pentest101 一些关于渗透测试的知识点 无论红队还是蓝队,干活之前先让客户保存好日志和备份(在啰嗦我也要说,血的教训) 大纲 红队 蓝队 Linux Mac 防蓝队 隐私保护 基础设施匿名化 红队 临时邮箱 10minutemailnet/ 姓名、手机号、身份证、统一社会信用代码、组织机构代码、银行卡生

https://github.com/Whoopsunix/nacosScan

nacos api bypass & jwt bypass & get all configs

NacosScan 同步更新 githubcom/Whoopsunix/nacosScan 慢慢磨合 欢迎 issue do what? 漏洞利用 JWT 硬编码登陆 api未授权添加用户 Hessian 反序列化这个洞比较特殊有 group 限制就不加了,可以参考其他师傅的 可从文件中读取,支持输入url,也可以输入 host、ip 自动重定向。最好还是用 url 指定 na

https://github.com/bysinks/CVE-2021-29441

CVE-2021-29441 运行: CVE-2021-29441exe ip 阿里nacos 越权添加账户

https://github.com/h0ny/NacosExploit

Nacos 综合利用工具

NacosExploit Nacos 综合利用工具【Release 下载】 ⚖️ 前情提要 本工具仅用于学习和交流。 由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。 注:工具现在还只是一个 beta 版本 🤣 haha,代码也不够美观,等有

References

CWE-290https://github.com/alibaba/nacos/issues/4701https://github.com/advisories/GHSA-36hp-jr8h-556fhttps://github.com/alibaba/nacos/pull/4703https://nvd.nist.govhttps://github.com/Dghpi9/NacosDefaultToken
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248CVE-2024-3110CVE-2024-5552CVE-2024-29415HTML injectionCVE-2024-3095TCPtype confusionCVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook