Unprotected memcached

medium Nessus Plugin ID 52633

Synopsis

Memcached is running on a public IP address.

Description

Memcached is a memory-based object store. As it is designed for performance, this program does not contain any security mechanism (ie: authentication), meaning that anyone can connect to this server and perform queries against it.

Solution

Make sure that the machine is properly protected by a firewall and that traffic to the port is restricted to authorized hosts.

See Also

http://memcached.org/

http://web.archive.org/web/20100710073600/http://www.eu.socialtext.net:80/memcached/index.cgi?

https://www.mediawiki.org/wiki/Memcached

Plugin Details

Severity: Medium

ID: 52633

File Name: unprotected_memcached.nasl

Version: 1.6

Type: remote

Family: General

Published: 3/11/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Services/memcached