Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The Redis instance in Google Cloud Memorystore is not configured with AUTH enabled, meaning it does not require a password for access. This leaves the database open to unauthorized connections.
Impact#
Without AUTH enabled, anyone with network access to the Redis instance can read, modify, or delete data, potentially leading to data breaches, service disruption, or unauthorized manipulation of application data.