流水

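[Product Defect] Security group vulnerability in the console, please take it seriously

[Problem description]:

I recently bought a new Alibaba Cloud ECS instance (CentOS 7.4) on another account. I needed to install the BaoTa panel tool (my technical skills are limited and I wanted a simple, quick way to install nginx-tengine; I also don't know how to manually edit the various configurations or set up SSL).

So I needed to open a port, which meant modifying the security group rules. By default port 8888 has to be opened: 8888/8888, authorized to 0.0.0.0/0. I do this often and can do it fluently.

But when creating the new rule I ran into a verification code (this protection is very inconvenient for me, but it is very secure), and it really was not convenient to receive it on my other phone number.

So I thought of a way: export the security group rules from this account, then import them on the other account. I really did not expect it, but it actually worked. The export is in JSON format.

I formatted it; please see the attached image. It uses the Arial font, so you can run OCR on it; it is just a normal configuration. (Pasting it here would take up too much space, so I simply made an image in Photoshop.)

I think this is a potential risk, though I can't explain it clearly. But this kind of user action is something that should have been anticipated.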

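By the way, my environment is:

Chrome 67.0.3396.99 (Official Build) (32-bit)

Windows 10 Pro, version 1803 (OS build 17134.228)

The export was done in Chrome, and the import was done under the other account, which was logged in using Chrome's incognito mode.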

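[Suggested solution]:

Please take this seriously. My company and I have always used Alibaba Cloud servers, and a reply in a ticket once said, "What you bought is not a server, it is a service"! I hope it keeps getting better!
############## First revision ##############
####### Replaced the attachment; I forgot to mask my own ports ######

########### Submitted 2018-08-22-05-17 ###########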

json.png
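
A pre-import review of an exported rule file, as an added example that is not part of the original post: it lists inbound Accept rules open to 0.0.0.0/0, such as the 8888/8888 rule described above. The field names follow the ECS security group API; that the console's JSON export uses the same names, the sample rules, and the `PUBLIC_OK` allowlist are assumptions.

```python
import ipaddress
import json

# Constructed sample export. Field names follow the ECS security group API;
# that the console's JSON export uses the same names is an assumption.
SAMPLE_EXPORT = json.dumps([
    {"IpProtocol": "TCP", "PortRange": "8888/8888", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "Accept", "Direction": "ingress"},
    {"IpProtocol": "TCP", "PortRange": "22/22", "SourceCidrIp": "203.0.113.0/24",
     "Policy": "Accept", "Direction": "ingress"},
    {"IpProtocol": "TCP", "PortRange": "443/443", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "Accept", "Direction": "ingress"},
    {"IpProtocol": "TCP", "PortRange": "3000/4000", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "Drop", "Direction": "ingress"},
    {"IpProtocol": "ALL", "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0",
     "Policy": "Accept", "Direction": "ingress"},
])

PUBLIC_OK = frozenset({80, 443})  # hypothetical policy: ports allowed from anywhere


def parse_port_range(text):
    """Turn 'low/high' into a tuple; '-1/-1' (all ports) becomes (1, 65535)."""
    low, high = (int(part) for part in text.split("/"))
    if (low, high) == (-1, -1):
        return 1, 65535
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid PortRange: {text!r}")
    return low, high


def world_open_rules(export_text, public_ok=PUBLIC_OK):
    """Return (index, protocol, port range) for inbound Accept rules that expose
    ports outside public_ok to every IPv4 address."""
    findings = []
    for index, rule in enumerate(json.loads(export_text)):
        if rule.get("Direction", "ingress").lower() != "ingress":
            continue
        if rule.get("Policy", "Accept").lower() != "accept":
            continue
        cidr = rule.get("SourceCidrIp")
        if not cidr:  # source is another security group, not a CIDR block
            continue
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue
        low, high = parse_port_range(rule["PortRange"])
        allowed = sum(1 for port in public_ok if low <= port <= high)
        if (high - low + 1) > allowed:
            findings.append((index, rule["IpProtocol"], rule["PortRange"]))
    return findings
```

Running `world_open_rules` on a file before importing it shows which rules would be copied into the target account with a world-open source.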
