Yii 2 Redis Extension AUTH Parameter Logging Vulnerability

Vulnerability

A vulnerability exists in the Yii 2 Redis extension for the Yii framework 2.0, affecting versions prior to 2.0.20. When a connection fails, the extension logs the sequence of commands it sent, including the AUTH parameters, in plain text. Anyone who gains access to the logs can therefore read the Redis usernames and passwords.

Impact

The vulnerability exposes AUTH parameters, including usernames and passwords, in the logs. This could lead to unauthorized access if the logged credentials are compromised.

Remediation

Users can upgrade to Yii 2 Redis extension version 2.0.20 or later to address this vulnerability.
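
Upgrading does not remove credentials that were already written to existing logs. The following is an added example, not code from the Yii project: a Python check that finds and masks Redis AUTH arguments in log lines so that affected credentials can be identified for rotation. The log message format, the escaped `\r\n` rendering and the sample lines are assumptions constructed for illustration.

```python
import re

CRLF = r"\\r\\n"  # assumption: the log shows CRLF as the literal escapes \r\n
MASK = "[REDACTED]"
# RESP form: the bulk string AUTH followed by one argument (password) or two
# (username, password). The next command starts with "*", so it is not consumed.
RESP_AUTH = re.compile(
    rf"(\$4{CRLF}AUTH{CRLF})((?:\$\d+{CRLF}.*?{CRLF}){{1,2}})", re.IGNORECASE)
RESP_BULK = re.compile(rf"\$\d+{CRLF}.*?{CRLF}")
# Inline form: AUTH <password> or AUTH <username> <password>. Upper case only,
# to avoid masking ordinary words after "auth"; it may over-mask a following token.
INLINE_AUTH = re.compile(r"\b(AUTH)((?:[ \t]+[^\s\\]+){1,2})")

def redact_line(line):
    """Return (redacted_line, number_of_masked_AUTH_arguments)."""
    masked = 0
    def resp_sub(m):
        nonlocal masked
        n = len(RESP_BULK.findall(m.group(2)))
        masked += n
        return m.group(1) + f"${len(MASK)}\\r\\n{MASK}\\r\\n" * n
    def inline_sub(m):
        nonlocal masked
        n = len(m.group(2).split())
        masked += n
        return m.group(1) + f" {MASK}" * n
    line = RESP_AUTH.sub(resp_sub, line)
    line = INLINE_AUTH.sub(inline_sub, line)
    return line, masked

def scan(lines):
    """Return (line numbers that carried AUTH arguments, redacted lines)."""
    findings, cleaned = [], []
    for number, line in enumerate(lines, 1):
        redacted, masked = redact_line(line)
        cleaned.append(redacted)
        if masked:
            findings.append(number)
    return findings, cleaned

# Constructed sample log lines; the message format is illustrative only.
SAMPLE_LOG = [
    r"[error] redis connect failed; sent: *2\r\n$4\r\nAUTH\r\n$8\r\nhunter22\r\n*2\r\n$6\r\nSELECT\r\n$1\r\n0\r\n",
    r"[error] redis connect failed; sent: *3\r\n$4\r\nAUTH\r\n$3\r\napp\r\n$6\r\ns3cret\r\n",
    "[error] redis connect failed; sent: AUTH app s3cret",
    "[info] cache hit for key user:42",
]
```

Any line number returned by `scan` marks a credential that should be treated as exposed and rotated, in addition to redacting or purging the log.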

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.1
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.