Redis: usage of weak password (ACL)

Redis serves as a Swiss Army knife for all things data: queues, logs and more. It is therefore more than probable that the data in Redis is sensitive and requires proper security around it.

This is why user authentication (ACL) in Redis should use strong passwords, following the same best practices as any other password.

Using weak or short passwords is a security risk. Short passwords are predictable and can be brute-forced, especially if an attacker has obtained your configuration file.

Problem

We located a weak or short password in your Redis configuration file, which means that:

  1. The password should be replaced with a longer one.
  2. You should verify that there are no hardcoded passwords, or that you are generating the configuration dynamically in production with a solution such as confd.
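
The kind of check described above can be reproduced locally. The following is an added example, not the scanner's own code: it audits `requirepass` and ACL `user` lines in a Redis configuration, and the 32-character minimum, the function name and the sample configuration are assumptions made for illustration.

```python
import shlex

MIN_LEN = 32  # assumed policy threshold; the page does not specify a length

def audit_redis_conf(text, min_len=MIN_LEN):
    """Return (line_no, user, issue) findings for requirepass and ACL user lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        try:
            tokens = shlex.split(line)  # Redis config arguments may be quoted
        except ValueError:
            tokens = line.split()
        directive = tokens[0].lower()
        if directive == "requirepass" and len(tokens) > 1:
            # requirepass sets the password of the "default" user
            if len(tokens[1]) < min_len:
                findings.append((no, "default", f"password shorter than {min_len} characters"))
        elif directive == "user" and len(tokens) > 1:
            name = tokens[1]
            for rule in tokens[2:]:
                if rule.lower() == "nopass":
                    findings.append((no, name, "nopass: any password is accepted"))
                elif rule.startswith(">") and len(rule) - 1 < min_len:
                    # ">" introduces a plaintext password stored in the file
                    findings.append((no, name, f"password shorter than {min_len} characters"))
                # "#<sha256>" rules hold only a digest, so length cannot be checked here
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = f"""\
# constructed sample
requirepass hunter2
user default off
user worker on >s3cret ~jobs:* +@list
user reports on #{'ab' * 32} ~* +@read
user admin on >{'c0' * 32} ~* +@all
user guest on nopass ~* +@read
"""

if __name__ == "__main__":
    for line_no, user, issue in audit_redis_conf(SAMPLE):
        print(f"line {line_no}: user {user}: {issue}")
```
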

Fix

Employ strong-password best practices, as well as password rotation policies.
