[Product defect] Security group vulnerability in the console, please take it seriously

[Problem description]:

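On another account I recently bought an Alibaba Cloud ECS instance running CentOS 7.4, because I wanted to install the BaoTa (宝塔) panel tool (my technical skills are limited and I wanted a quick, simple way to install nginx-tengine; I also don't know how to edit the various configs by hand or set up SSL).

So I needed to open a port, which meant modifying the security group rules. By default, 8888 has to be opened: 8888/8888, authorized to 0.0.0.0/0. I do this often and can do it fluently.

But when I was creating the new rule I ran into a verification code (this protection is inconvenient for me, but it is very secure), and my other phone number really isn't convenient for receiving it.

So I thought of a way: export the security group rules from this account, then import them on the other account. I really didn't expect it, but it actually worked. The export is in JSON format.

I formatted it; please see the attached image. It uses the Arial font, so you can run OCR on it. It is just a normal configuration. (Pasting it here would take up too much space, so I made a simple image in Photoshop.)

I think this is a hidden risk, though I can't explain it clearly. But this is a user action that should have been anticipated.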

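By the way, my environment is:

Chrome 67.0.3396.99 (Official Build) (32-bit)

Windows 10 Pro, version 1803 (OS build 17134.228)

The export was done in Chrome, and the import was done in the other account, logged in through Chrome incognito mode.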

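[Suggested solution]:

Please take this seriously. My company and I have always used Alibaba Cloud servers, and a ticket reply once said "what you bought is not a server, it's a service"! I hope it keeps getting better!
############## First revision ##############
####### Replaced the attachment; I forgot to mask my own port ######

########### Submitted 2018-08-22-05-17 ###########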

json.png
