Unauthorized Access Vulnerability in Memcached

What is Memcached?

Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.

Memcached is simple yet powerful. Its simple design promotes quick deployment, ease of development, and solves many problems facing large data caches. Its API is available for most popular languages.

Vulnerability analysis

Memcached ports are open to the public and are not configured with authentication options. Unauthorized users can directly access all information in the database, causing serious information leakage.

Shodan search

Exploit

Use Telnet connection, and enter the stats command can see the system pid process number.