Nacos Unauthorized Access Vulnerability (CVE-2021-29441)

Disclaimer: This article is for learning and reference only. All resources involved in it come from the Internet. Please do not use them for any illegal acts; otherwise you will bear the corresponding consequences yourself, and I assume no legal or joint and several liability.

Vulnerability description

Nacos is an open source project launched by Alibaba: a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. It is dedicated to helping discover, configure and manage microservices, and provides an easy-to-use feature set for dynamic service discovery, service configuration, service metadata and traffic management.

The vulnerability lies in how Nacos performs authentication and authorization: it checks whether the request's User-Agent is "Nacos-Server" and, if so, skips authentication entirely. The developers intended this to handle server-to-server requests. However, the check is far too simple: the negotiated User-Agent value "Nacos-Server" is hard-coded in the source, so any client can send it and be treated as a server. Through this unauthorized access, an attacker can obtain sensitive information such as usernames and passwords.
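To make the failure mode concrete, here is an added example (my own Python model, not Nacos code) of the authentication decision described above. The first function reproduces the pre-fix logic: a matching User-Agent string short-circuits authentication. The second shows the defensive shape of the remedy: the attacker-controlled User-Agent is not trusted, and server-to-server calls instead carry a deployment-specific shared secret that is compared in constant time. The header name and secret value are assumptions for illustration, not the real Nacos configuration keys.

```python
import hmac

SERVER_UA = "Nacos-Server"


def vulnerable_is_authenticated(headers: dict, session_valid: bool) -> bool:
    """Pre-fix style check (simplified): any client that presents the
    hard-coded User-Agent skips authentication completely."""
    if headers.get("User-Agent", "") == SERVER_UA:
        return True  # User-Agent is attacker-controlled, so this is the bug
    return session_valid


# Hypothetical names for the hardened variant (assumptions, not Nacos config keys).
IDENTITY_HEADER = "Server-Identity"          # shared-secret header for node-to-node calls
SERVER_SECRET = "replace-with-random-secret"  # per-deployment secret, never a default


def hardened_is_authenticated(
    headers: dict,
    session_valid: bool,
    user_agent_whitelist_enabled: bool = False,
) -> bool:
    """Hardened check: User-Agent is only honoured if the operator explicitly
    opts in (off by default); otherwise server-to-server calls must prove
    identity with a shared secret, and everyone else needs a valid session."""
    if user_agent_whitelist_enabled and headers.get("User-Agent", "") == SERVER_UA:
        return True  # legacy behaviour, disabled unless deliberately turned on
    presented = headers.get(IDENTITY_HEADER, "")
    # constant-time comparison so the secret cannot be recovered via timing
    if presented and hmac.compare_digest(presented, SERVER_SECRET):
        return True
    return session_valid


if __name__ == "__main__":
    spoofed = {"User-Agent": SERVER_UA}
    print("vulnerable:", vulnerable_is_authenticated(spoofed, session_valid=False))
    print("hardened:  ", hardened_is_authenticated(spoofed, session_valid=False))
```

Run stand-alone it prints `vulnerable: True` and `hardened: False` for the same spoofed request, which is exactly the gap the CVE describes: a string any HTTP client can set was being used as a credential.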

Affected versions

<= Nacos 2.0.0-ALPHA.1

< Nacos 1.4.1

Environment setup

The vulnerable environment is built with Docker. First, write the docker-compose.yml configuration file:

version: "3"
services:
  nacos:
    restart: always
    image: nacos/nacos-server:1.4.0
    container_name: nacos
    ports:
      - 8848:8848
    environment:
      MODE: standalone

Then run docker-compose up -d to pull the image and start the container.

Once the container is up, open the Nacos console in a browser.


Vulnerability reproduction

1. View the user list (including passwords)

Without logging in, access the following interface in the browser:
http://192.168.40.86:8848/nacos/v1/auth/users?pageNo=1&pageSize=1

2. Add a new user

Capture the request with Burp

Then modify the request as follows; after sending it, the server responds that the user was added successfully.

Check the user list again to confirm that the new user test1 has been added successfully.


Log in to Nacos with test1/test1; the login succeeds.
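From the defender's side, the reproduction above leaves a recognisable trace: requests carrying the "Nacos-Server" User-Agent from addresses that are not Nacos cluster members, and hits on the user-management endpoint (/nacos/v1/auth/users) from outside the cluster. The following added example (my own code, not part of the original article) runs that detection logic over a few constructed access-log lines in combined log format. The cluster address range and the sample log entries are assumptions made up for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: where the legitimate Nacos nodes live in this deployment.
CLUSTER_MEMBERS = [ip_network("10.0.0.0/24")]
SERVER_UA = "Nacos-Server"
SENSITIVE_PATHS = ("/nacos/v1/auth/users",)

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not real traffic). Line 1 is a genuine node-to-node
# call; lines 2 and 3 mirror the reproduction steps; line 4 is a normal console visit.
SAMPLE_LOG = """
10.0.0.12 - - [10/Mar/2023:12:00:00 +0000] "GET /nacos/v1/ns/instance/list?serviceName=demo HTTP/1.1" 200 512 "-" "Nacos-Server"
203.0.113.7 - - [10/Mar/2023:12:00:01 +0000] "GET /nacos/v1/auth/users?pageNo=1&pageSize=1 HTTP/1.1" 200 312 "-" "Nacos-Server"
203.0.113.7 - - [10/Mar/2023:12:00:05 +0000] "POST /nacos/v1/auth/users HTTP/1.1" 200 60 "-" "Nacos-Server"
192.168.1.20 - - [10/Mar/2023:12:01:00 +0000] "GET /nacos/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def from_cluster(ip: str) -> bool:
    """True if the source address belongs to a known Nacos cluster range."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in CLUSTER_MEMBERS)


def detect(lines):
    """Flag requests that abuse the server User-Agent or reach user management
    from outside the cluster. Returns one alert dict per suspicious request."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        outside = not from_cluster(rec["ip"])
        reasons = []
        if rec["ua"] == SERVER_UA and outside:
            reasons.append("Nacos-Server User-Agent from a non-cluster address")
        if outside and any(rec["path"].startswith(p) for p in SENSITIVE_PATHS):
            reasons.append("user-management endpoint reached from outside the cluster")
        if reasons:
            alerts.append({"ip": rec["ip"], "method": rec["method"],
                           "path": rec["path"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.strip().splitlines()):
        print(alert["ip"], alert["method"], alert["path"], "->", "; ".join(alert["reasons"]))
```

Only the two requests from 203.0.113.7 are reported, each with both reasons; the internal node's "Nacos-Server" call and the ordinary browser visit pass. After upgrading to a fixed release, any remaining "Nacos-Server" traffic from outside the cluster is still worth an alert, because nothing legitimate should be sending it.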


Source: blog.csdn.net/guo15890025019/article/details/129461403