Unprotected memcached

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

Memcached is running on a public IP address.

Description :

Memcached is a memory-based object store. As it is designed for
performance, this program does not contain any security mechanism
(ie: authentication), meaning that anyone can connect to this
server and perform queries against it.

See also :

http://memcached.org/
http://www.eu.socialtext.net/memcached/index.cgi
http://www.mediawiki.org/wiki/Memcached

Solution :

Make sure that the machine is properly protected by a firewall and
that traffic to the port is restricted to authorized hosts.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: General

Nessus Plugin ID: 52633 ()

Bugtraq ID:

CVE ID: