Skip to main content

Insufficiently Protected Credentials

CVE-2023-50291

Severity High
Score 7.5/10

Summary

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr versions 6.0.0 through 8.11.4, and 9.0.0 through 9.2.1. One of the two endpoints that publish the Solr process' Java system properties, "/admin/info/properties", was only setup to hide system properties that had "password" contained in the name. There are some sensitive system properties, such as "basicauth" and "aws.secretKey" does not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This "/admin/info/properties" endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. A single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps". By default, all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: "-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*".

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Advisory Timeline

  • Published