Redis Server Password

Description

General

  • Documentation: https://redis.io/documentation
  • Summary: Redis is a distributed in-memory key-value database. This detector catches Redis passwords leaked in command-line invocations. Typically the password is the one passed when starting the server with the redis-server command.
  • IPs allowlist: IP allowlisting can and should be implemented on the server hosting the Redis instance. Refer to this security documentation for more details.
  • Scopes: By default, Redis does not implement access control, but an authorization layer can be enabled when configuring Redis. Since Redis 6, a real Access Control List (ACL) can be used to assign different scopes to different users. Before that, a single password gave full access to the database. See this ACL documentation for more details on the topic.

Revoke the secret

Redis supports the ACL DELUSER command, which deletes the specified users and terminates all their connections.

Check for suspicious activity

Suspicious activity can be detected by auditing Redis log files.

Details for Redis server password cli

  • Family: Database

  • Category: Data storage

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.36

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions: []
      banlist_filenames: []
      check_binaries: false
      include_default_banlist_extensions: true
      ban_markup: false
    - type: ContentWhitelistPreValidator
      patterns:
      - redis-server
    - type: ContentWhitelistPreValidator
      patterns:
      - --requirepass

Examples

    - text: |
        redis:
            image: redis:alpine
            restart: always
            command: /bin/sh -c "redis-server --requirepass ltr6qpi@55"
      password: ltr6qpi@55
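
The two content pre-validators and the example above can be reproduced in a small scanner. This is an added sketch, not GitGuardian's detector code: the extraction regex, the variable-reference filter and the function name are assumptions. The first sample is the page's example and the others are constructed.

```python
import re

# Both literals must appear in the document, mirroring the two
# ContentWhitelistPreValidator patterns listed on this page.
REQUIRED_SUBSTRINGS = ("redis-server", "--requirepass")

# Assumed extraction pattern (not the detector's real regex): the value after
# --requirepass, double-quoted, single-quoted, or a bare shell word.
REQUIREPASS_RE = re.compile(
    r"""--requirepass\s+(?:"([^"\n]+)"|'([^'\n]+)'|([^\s"'\\]+))"""
)

# The example from this page.
PAGE_EXAMPLE = '''redis:
    image: redis:alpine
    restart: always
    command: /bin/sh -c "redis-server --requirepass ltr6qpi@55"
'''


def find_requirepass_secrets(text):
    """Return literal passwords passed to redis-server via --requirepass."""
    # Pre-validation: skip documents that lack either required substring.
    if not all(s in text for s in REQUIRED_SUBSTRINGS):
        return []
    found = []
    for match in REQUIREPASS_RE.finditer(text):
        double_q, single_q, bare = match.groups()
        value = double_q or single_q or bare
        # Outside single quotes the shell expands $VAR, ${VAR} and $(cmd), so
        # such a value references a secret stored elsewhere; it is not a leak.
        if single_q is None and value.startswith("$"):
            continue
        found.append(value)
    return found


if __name__ == "__main__":
    samples = [
        PAGE_EXAMPLE,
        'redis-server --requirepass "$REDIS_PASSWORD"',             # constructed
        "Pass --requirepass <password> when starting the server.",  # constructed
    ]
    for sample in samples:
        print(find_requirepass_secrets(sample))
```

The third sample shows why the pre-validators matter: the regex alone would report `<password>` from a documentation sentence, but the missing `redis-server` literal rejects the document first.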