Redis Server Password
- Documentation: https://redis.io/documentation
- Summary: Redis is a distributed in-memory key-value database. This detector aims at catching Redis passwords leaked in CLI. Typically the password is the one used when setting up the server with the
- IPs allowlist: IP allowlisting can and should be implemented on the server hosting the Redis instance. Refer to this security documentation for more details.
- Scopes: By default Redis does not implement Access Control. Yet, an authorization layer can be set when configuring Redis. Since Redis 6, a real Access Control List can be set to attribute different scopes to different users. Before this, a single password gave full access to the database. See this ACL documentation for more details on the topic.
#Revoke the secret
Redis supports the
DELUSER command to both delete the specified users and terminate all their connections.
#Check for suspicious activity
Suspicious activity can be detected by auditing Redis log files.
Redis server password cli#
Category: Data storage
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.36
- type: FilenameBanlistPreValidator banlist_extensions:  banlist_filenames:  check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - redis-server- type: ContentWhitelistPreValidator patterns: - --requirepass
- text: | redis: image: redis:alpine restart: always command: /bin/sh -c "redis-server --requirepass ltr6qpi@55" password: ltr6qpi@55