alibaba / nacos

an easy-to-use dynamic service discovery, configuration and service management platform for building cloud native applications.
https://nacos.io
Apache License 2.0

About QVD-2023-6271 #10103

Closed jinanxiaolaohu closed 1 year ago

jinanxiaolaohu commented 1 year ago

How can I resolve this security problem about QVD-2023-6271
in https://mp.weixin.qq.com/s/5lE_9I6-r1CE8CYtUZG1rQ

In your document,

Should I change "nacos.core.auth.enabled" and "nacos.core.auth.default.token.secret.key" both

Or change "nacos.core.auth.default.token.secret.key" only?

If I change both, should we update our app to access my nacos server?

Thanks

YunWZ commented 1 year ago

both are required

KomachiSion commented 1 year ago

If your app doesn't set the username and password, you should set the user and password in your app and restart.

KomachiSion commented 1 year ago

Suggest moving to #10105 to discuss.
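
An added example, not part of the thread or of the Nacos project's code: a small audit for the two properties named in the question, run over the text of a server properties file. It assumes the secret key is Base64 and should decode to at least 32 bytes (the minimum for an HS256 signing key); `shipped_defaults`, `PLACEHOLDER_SHIPPED_VALUE` and both sample files are constructed placeholders.

```python
import base64
import binascii

AUTH_ENABLED = "nacos.core.auth.enabled"
SECRET_KEY = "nacos.core.auth.default.token.secret.key"


def parse_properties(text):
    """Minimal .properties parser: key=value lines, '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()  # a later duplicate overrides an earlier one
    return props


def audit_nacos_auth(text, shipped_defaults=()):
    """Return a list of findings; an empty list means both settings pass."""
    props = parse_properties(text)
    findings = []
    if props.get(AUTH_ENABLED, "").lower() != "true":
        findings.append(f"{AUTH_ENABLED} is not true")
    key = props.get(SECRET_KEY, "")
    if not key:
        findings.append(f"{SECRET_KEY} is missing or empty")
    elif key in shipped_defaults:
        findings.append(f"{SECRET_KEY} is a publicly known shipped value")
    else:
        try:
            decoded = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{SECRET_KEY} is not valid Base64")
        else:
            if len(decoded) < 32:  # assumption: HS256 needs a key of >= 256 bits
                findings.append(f"{SECRET_KEY} decodes to fewer than 32 bytes")
    return findings


# Constructed sample files (not taken from any real deployment).
SHIPPED = ("PLACEHOLDER_SHIPPED_VALUE",)
WEAK = (f"{AUTH_ENABLED}=false\n"
        f"{SECRET_KEY}=PLACEHOLDER_SHIPPED_VALUE\n")
FIXED = (f"{AUTH_ENABLED}=true\n"
         f"{SECRET_KEY}={base64.b64encode(bytes(range(32))).decode()}\n")
```

Pass the shipped key values for your Nacos version as `shipped_defaults`; a real key should come from a cryptographic random source, not the constructed sample bytes used here.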