Insecure default in Elasticsearch enables remote code execution (bouk.co)
13 points by bouk on May 12, 2014 | 1 comment



Yet another reason to have your dev stuff run in a separate VM. The attacker in theory could still do the same trick, but he'd first have to guess the IP of the VM (probably simple, since a lot of people forward local ports), but all damage would be limited to the VM (yes, I have the users vagrant and root on that VM). Still not perfect, but much better.



