SYM_CONF_0193 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Redis instance in Google Cloud Memorystore is not configured with AUTH enabled, meaning it does not require a password for access. This leaves the database open to unauthorized connections.
Impact
Without AUTH enabled, anyone with network access to the Redis instance can read, modify, or delete data, potentially leading to data breaches, service disruption, or unauthorized manipulation of application data.