Alibaba Canal Config Cloud Key Information Leakage Vulnerability
Vulnerability Description
Because /api/v1/canal/config can be accessed directly without any permission verification, sensitive information such as account passwords, the accessKey and the secretKey is leaked.
Vulnerability Impact
Alibaba Canal
Network Mapping Fingerprint
title="Canal Admin"
Vulnerability Reproduction
The URL used to verify the vulnerability is
/api/v1/canal/config/1/0
The response leaks the aliyun.access key, which can be used to control all servers under that key.
Default credentials: admin/123456
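A defender-side check for the exposure described above, added here as an example and not part of the original post: it scans reverse-proxy access logs for successful reads of the config endpoint that come from outside the administrators' networks. The combined log layout, the ADMIN_NETWORKS allowlist and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Endpoint named in the write-up: /api/v1/canal/config/<n>/<n>
CONFIG_PATH = re.compile(r"^/api/v1/canal/config(?:/|\?|$)")
# Assumed log layout (combined format): ip - user [time] "METHOD path PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Hypothetical allowlist: networks the Canal administrators connect from.
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
10.20.0.15 - - [12/Mar/2024:09:14:02 +0000] "GET /api/v1/canal/config/1/0 HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Mar/2024:09:20:41 +0000] "GET /api/v1/canal/config/1/0 HTTP/1.1" 200 4312 "-" "curl/8.4.0"
203.0.113.77 - - [12/Mar/2024:09:20:43 +0000] "GET /favicon.ico HTTP/1.1" 200 318 "-" "curl/8.4.0"
198.51.100.9 - - [12/Mar/2024:10:02:10 +0000] "GET /api/v1/canal/config/1/0 HTTP/1.1" 403 0 "-" "-"
this line is not in the expected format
"""

def is_admin_source(ip_text):
    """True if the client address is inside an allowlisted admin network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in ADMIN_NETWORKS)

def find_config_exposure(log_text):
    """Return 2xx reads of the config endpoint made from non-admin sources."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or unrelated line
        # Normalise the logged path (percent-decoding, repeated slashes) before matching.
        path = re.sub(r"/{2,}", "/", unquote(m["path"]))
        if not CONFIG_PATH.match(path):
            continue
        if m["status"].startswith("2") and not is_admin_source(m["ip"]):
            hits.append({"ip": m["ip"], "time": m["time"], "path": path})
    return hits

if __name__ == "__main__":
    for hit in find_config_exposure(SAMPLE_LOG):
        print(f'{hit["time"]}  {hit["ip"]}  {hit["path"]}')
```

Any hit means the configuration, including the cloud keys it contains, was returned to that client, so the keys should be treated as exposed and rotated.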
This post is licensed under CC BY 4.0 by the author.