Redis Credentials
Description
General
- Documentation: https://redis.io/documentation
- Summary: Redis is a distributed in-memory key-value database. This detector aims to catch Redis credentials consisting of a host, port, username and password, whether they appear in a connection URI string, in assignment form, or in a CLI command.
- IPs allowlist: IP allowlisting can and should be implemented on the server hosting the Redis instance. Refer to this security documentation for more details.
- Scopes: By default, Redis does not implement access control. An authorization layer can, however, be set when configuring Redis. Since Redis 6, a real Access Control List can be set to attribute different scopes to different users. Before this, a single password gave full access to the database. See this ACL documentation for more details on the topic.
Revoke the secret
Redis supports the DELUSER command to both delete the specified users and terminate all their connections.
Check for suspicious activity
Suspicious activity can be detected by auditing Redis log files.
Redis assignment
Details for Redis assignment
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 9.27
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - redis
Examples
- text: >
    -spring.redis.database=0
    -spring.redis.host=12.34.56.78
    -spring.redis.port=6379
    -spring.redis.password=why12345
    -spring.redis.timeout=10000ms
  password: why12345
  host: "12.34.56.78"
  port: "6379"
- text: >
    +REDIS_HOST=123.123.123.123
    +REDIS_PASSWORD=qg7MkRRIH3wBZk75Z8CKoMgUe8Lg4FIHbCAWSDqiG9m7P54321
    +REDIS_PORT=6579
    +DB_HOST=123.123.123.123
    +DB_PORT=3506
    +DB_DATABASE=mjt
    +DB_USERNAME=zzym
    +DB_PASSWORD=pqwoeirj;aslkdfjasdk
  host: "123.123.123.123"
  password: qg7MkRRIH3wBZk75Z8CKoMgUe8Lg4FIHbCAWSDqiG9m7P54321
  port: "6579"
Redis uri
Details for Redis uri
Family: Database
Category: Data storage
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 8
Occurrences found for one million commits: 5.78
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - redis
Examples
- text: >
    CONECTION_URI="redis://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
  scheme: redis
  database: thegift
  connection_uri: redis://root:m42ploz2wd@google.com:5434/thegift
- text: >
    CONECTION_URI="rediss://root:m42ploz2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42ploz2wd
  scheme: rediss
  database: thegift
  connection_uri: rediss://root:m42ploz2wd@google.com:5434/thegift
# Test special characters in password
- text: >
    CONECTION_URI="rediss://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42p!o@2wd
  scheme: rediss
  database: thegift
  connection_uri: rediss://root:m42p!o@2wd@google.com:5434/thegift
# Test detection in md files
- text: >
    CONECTION_URI="rediss://root:m42p!o@2wd@google.com:5434/thegift"
  host: google.com
  port: "5434"
  username: root
  password: m42p!o@2wd
  scheme: rediss
  database: thegift
  connection_uri: rediss://root:m42p!o@2wd@google.com:5434/thegift
  filename: some_file.md
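
The special-characters case above is the one that trips up naive parsers: the password itself contains an `@`, so the userinfo must be split from the host at the last `@`. The sketch below is an added example, not GitGuardian's detector; the regex and the names `REDIS_URI`, `find_redis_uris` and `redact` are assumptions, and passwords containing `/` are deliberately out of scope.

```python
import re

# Illustrative pattern (an assumption, not GitGuardian's rule). The password
# group is greedy, so backtracking settles on the LAST '@' before the host.
REDIS_URI = re.compile(
    r"(?P<scheme>rediss?)://"
    r"(?P<username>[^:@/\s\"']*):(?P<password>[^\s\"'/]+)@"
    r"(?P<host>[A-Za-z0-9.-]+)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?:/(?P<database>[^\s\"'?#]*))?"
)

# The first two lines come from the examples above; the third is constructed
# to show a URI without credentials, which must not be reported.
SAMPLE = '''CONECTION_URI="redis://root:m42ploz2wd@google.com:5434/thegift"
CONECTION_URI="rediss://root:m42p!o@2wd@google.com:5434/thegift"
CACHE_URL=redis://localhost:6379/0
'''

def find_redis_uris(text):
    """Return one dict per redis:// or rediss:// URI that embeds a password."""
    findings = []
    for m in REDIS_URI.finditer(text):
        finding = m.groupdict()
        finding["connection_uri"] = m.group(0)
        finding["tls"] = finding["scheme"] == "rediss"
        findings.append(finding)
    return findings

def redact(text):
    """Mask only the password so a finding can be logged or pasted in a ticket."""
    def mask(m):
        start = m.start("password") - m.start()
        end = m.end("password") - m.start()
        uri = m.group(0)
        return uri[:start] + "***" + uri[end:]
    return REDIS_URI.sub(mask, text)

if __name__ == "__main__":
    for f in find_redis_uris(SAMPLE):
        print(f["scheme"], f["host"], f["port"], f["username"], "tls=%s" % f["tls"])
    print(redact(SAMPLE))
```
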
Redis cli
Details for Redis cli
Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.36
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - redis-cli
    - redli
Examples
- text: >
    redli --tls -h db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com -astr0ngp@55
  host: db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com
  password: str0ngp@55
- text: >
    redli --tls -h 12.76.135.14 -astr0ngp@55
  host: 12.76.135.14
  password: str0ngp@55
- text: >
    redli --tls -h db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com --auth str0ngp@55
  host: db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com
  password: str0ngp@55
- text: >
    redli --tls -h db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com --auth=str0ngp@55
  host: db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com
  password: str0ngp@55
- text: >
    redis-cli --tls -h db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com --pass str0ngp@55
  host: db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com
  password: str0ngp@55
- text: >
    redis-cli --tls -h db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com --pass str0ngp@55
  host: db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com
  password: str0ngp@55
# Multiple whitespaces
- text: >
    redis-cli --tls -h db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com --pass str0ngp@55
  host: db-redis-ams3-27524-do-user-7772205-0.a.db.ondigitalocean.com
  password: str0ngp@55
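
The CLI examples above pass the password in four shapes: attached to `-a`, after `--auth`, as `--auth=`, and after `--pass`, with any amount of whitespace between tokens. The following added example (not GitGuardian's implementation; `parse_redis_cli` and `TOOLS` are assumed names) tokenises a command line the way a shell would and extracts the host and password, which is useful when triaging shell history or CI scripts.

```python
import shlex

TOOLS = ("redis-cli", "redli")

def parse_redis_cli(command):
    """Return {'tool', 'host', 'password'} if the command carries a password, else None."""
    try:
        argv = shlex.split(command)      # collapses repeated whitespace
    except ValueError:                   # unbalanced quotes: not a parseable command
        return None
    if not argv:
        return None
    tool = argv[0].rsplit("/", 1)[-1]    # accept /usr/bin/redis-cli as well
    if tool not in TOOLS:
        return None
    found = {"tool": tool, "host": None, "password": None}
    i = 1
    while i < len(argv):
        arg = argv[i]
        value = argv[i + 1] if i + 1 < len(argv) else None
        if arg == "-h" and value is not None:
            found["host"] = value
            i += 1                       # skip the consumed value
        elif arg in ("-a", "--auth", "--pass") and value is not None:
            found["password"] = value
            i += 1
        elif arg.startswith("--auth="):
            found["password"] = arg.split("=", 1)[1]
        elif arg.startswith("-a") and len(arg) > 2:
            found["password"] = arg[2:]  # attached form, e.g. -astr0ngp@55
        i += 1
    return found if found["password"] else None
```
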