HTTP: Alibaba Nacos AuthFilter Authentication Bypass
This signature detects attempts to exploit a known vulnerability against Alibaba. A successful attack can lead to Authentication bypass.
Extended Description
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.
Affected Products
Alibaba nacos
References
CVE: CVE-2021-29441
Short Name
HTTP:CTS:ALIBABA-NACOS-AUTHBPAS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Alibaba AuthFilter Authentication Bypass CVE-2021-29441 Nacos
Release Date
05/20/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3384
False Positive
Unknown
Vendors
Alibaba
CVSS Score
7.5