Security for everyone

CVE-2021-41192 Scanner

Detects the 'Default Secret Keys' vulnerability in Redash, which affects versions 10.0.0 and prior.


Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url
Toolbox: -

Redash is a highly popular data visualization and sharing platform that allows its users to make sense of their data by creating dashboards, querying databases, and generating visualizations. Its powerful features allow organizations to make data-driven decisions, visualize performance metrics, monitor marketing campaigns, and much more. With Redash, users can connect to a wide variety of data sources, including SQL databases, NoSQL databases, Big Data platforms, SaaS platforms, and REST APIs.

CVE-2021-41192 is a security vulnerability that has been detected in Redash versions 10.0.0 and prior, where a default value is used for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY` environment variables. Since the default value is the same across all installations that have not explicitly specified these environment variables, it's easy for attackers to forge sessions and gain unauthorized access to the instance. This can lead to sensitive data being stolen, malware being installed on the server, or the organization's reputation being damaged.
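A configuration check for the condition described above, as an added example (not code from this page or from the Redash project): it audits an env file for the two variables and flags any that are unset, empty or weak. The `KEY=VALUE` file format, the `MIN_LEN` policy and the `known_defaults` parameter are assumptions of this example; the shipped default value is not reproduced here and can be supplied from the vendor advisory.

```python
"""Audit a Redash env file for secrets that would fall back to the shipped default."""
import re

# The two variables named in the CVE-2021-41192 description.
REQUIRED = ("REDASH_COOKIE_SECRET", "REDASH_SECRET_KEY")
MIN_LEN = 32  # assumption: local minimum-length policy, not a Redash rule

# Optional "export ", a variable name, "=", then the value.
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Parse KEY=VALUE lines and strip one pair of matching quotes."""
    env = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:  # blank lines, comments and malformed lines
            continue
        key, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key] = value
    return env

def audit(text, known_defaults=frozenset()):
    """Return {variable: finding}; 'ok' means explicitly set and not flagged."""
    env = parse_env(text)
    findings = {}
    for name in REQUIRED:
        value = env.get(name)
        if value is None:
            findings[name] = "unset: falls back to the shared default"
        elif value == "":
            findings[name] = "empty"
        elif value in known_defaults:  # hypothetical operator-supplied list
            findings[name] = "matches a known default"
        elif len(value) < MIN_LEN:
            findings[name] = "too short"
        else:
            findings[name] = "ok"
    return findings

# Constructed sample env file (values are made up for this example).
SAMPLE = """# redash env
export REDASH_COOKIE_SECRET="k3Vq9xT0mZp4Lw8Nf2Rb6Yc1Hd5Js7Gu0AeXi"
REDASH_DATABASE_URL=postgresql://postgres@postgres/postgres
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any finding other than `ok` on a version 10.0.0 or earlier instance means the secret should be set to a unique random value.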

When exploited, the CVE-2021-41192 vulnerability can lead to severe consequences for the affected organization. Attackers can use this vulnerability to gain access to confidential data, steal intellectual property, execute arbitrary code, or sabotage the company's operations by hijacking user sessions. In some cases, these attacks may not be immediately detected, which can lead to prolonged damage and give attackers enough time to extract maximum value from the breach.

Thanks to the pro features of securityforeveryone.com, readers of this article can stay up-to-date on the latest vulnerabilities that may be affecting their digital assets. By regularly scanning your network, applications, databases, and other digital assets using our platform, you can quickly identify vulnerabilities and remediate them before they can be exploited. With detailed vulnerability reports, risk assessments, and recommendations for improving security, securityforeveryone.com makes it easy for organizations to stay one step ahead of cyber threats and protect their valuable data from being compromised.

 
