Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Default Credentials in nginx-defender Configuration Files
Vulnerability Description
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
CWE-1392
Vulnerability Title
nginx-defender 安全漏洞
Vulnerability Description
nginx-defender是Anish Paleja个人开发者的一个轻量级的实时日志监控工具。 nginx-defender存在安全漏洞,该漏洞源于默认凭据可能导致绕过安全保护。
CVSS Information
N/A
Vulnerability Type
N/A