nginx Defender Default Credentials Configuration Vulnerability Allowing Administrative Access
Vulnerability
A configuration vulnerability has been identified in nginx-defender, a Web Application Firewall and threat detection system. This issue affects versions prior to 1.5.0. The vulnerability arises from default credentials included in example configuration files, such as 'config.yaml' and 'docker-compose.yml'. If users deploy nginx-defender without modifying these defaults, attackers with network access could gain administrative control, circumventing security measures.
Impact
Exploitation of this vulnerability could lead to unauthorized administrative access on the nginx-defender deployment, allowing attackers to bypass security protections.
Remediation
Users can upgrade to nginx-defender version 1.5.0 or later, where this vulnerability is addressed. Alternatively, users can manually change the default credentials in the 'config.yaml' and 'docker-compose.yml' files before deployment. It is also recommended to restrict access to the admin interface and use environment variables for managing secrets.
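A pre-deployment check for the manual remediation above, as an added example that is not part of nginx-defender or of the original advisory: it flags credential-like keys in 'config.yaml' or 'docker-compose.yml' whose value is baked into the file, including the `${VAR:-fallback}` form that still ships a default. The key-name pattern and the sample file contents are assumptions, since the advisory does not list the actual keys or default values.

```python
import re
import sys

# Key names that usually hold credentials (assumed; adjust to the real config schema).
SECRET_KEY = re.compile(r"(pass(word|wd)?|secret|token|api[_-]?key)", re.I)
# "key: value" (YAML mapping) and "- KEY=value" (compose environment list).
ASSIGN = re.compile(r"^\s*(?:-\s*)?([A-Za-z0-9_.-]+)\s*[:=]\s*(.*?)\s*$")
# ${VAR} or ${VAR:?msg}: the value must be supplied at deploy time, nothing is baked in.
ENV_REQUIRED = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*(?::?\?[^}]*)?\}$")
# ${VAR:-fallback}: the fallback is itself a shipped default credential.
ENV_FALLBACK = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*:?-([^}]+)\}$")


def audit(text, filename="<config>"):
    """Return (filename, line_no, key, reason) for each credential-like key with a baked-in value."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0]  # drop trailing YAML comments
        if line.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if not value or ENV_REQUIRED.match(value):
            continue  # nested mapping header, or a required environment variable
        if ENV_FALLBACK.match(value):
            findings.append((filename, line_no, key, "env var with literal fallback"))
        else:
            findings.append((filename, line_no, key, "literal value in file"))
    return findings


# Constructed sample, not nginx-defender's real example file; keys and values are assumptions.
SAMPLE_COMPOSE = """\
services:
  defender:
    environment:
      - ADMIN_USER=admin
      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
      - JWT_SECRET=${JWT_SECRET:?must be set}
      - API_TOKEN=changeme
"""

if __name__ == "__main__":
    # With file arguments, audit those files; otherwise audit the constructed sample.
    inputs = [(p, open(p).read()) for p in sys.argv[1:]] or [("sample", SAMPLE_COMPOSE)]
    results = [f for name, text in inputs for f in audit(text, name)]
    for name, line_no, key, reason in results:
        print(f"{name}:{line_no}: {key}: {reason}")
    sys.exit(1 if results else 0)  # non-zero exit lets a CI job block the deployment
```

Matching is by key name only, so a non-secret key such as a token lifetime setting will also be reported and needs a manual look.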
