When all else fails - find a 0-day
- Komodo Research
- May 30, 2019
- 4 min read
Updated: Sep 23, 2025

How a failing red-team engagement led us to find a silly zero day.
And why “insecure by default” is still an issue in today’s time.
In early 2019 we conducted a red-team engagement for a security tech company that, well, knows how to secure stuff. The scope excluded social engineering or any physical attacks against the office network, so we were left with only the internet-facing attack surface.
Confident and proud, we found 2 SQL Injections and an RCE in a matter of hours. We broke into the network and gained access to the most sensitive internal DB packed with consumer data.
Actually, none of that happened. The company did a fantastic job with securing their perimeter, after all - they are a security vendor.
Exposed DB - a new hope?
The company did however have an InfluxDB cluster open to the internet. It was protected by a password and all attempts to brute force it failed. So we did the only thing desperate hackers can do: find a 0-day in InfluxDB.
InfluxDB is an open-source time-series database, used to collect mostly metric data from time-sensitive systems, such as IOT. In our case, it collected data from various application servers and DB clusters and was used for monitoring purposes, probably by the company’s NOC.
Having no other leads for breaking into the network, I started reading InfluxDB’s documentation in order to fully understand how the authentication mechanism works. It turns out that InfluxDB supports both password and “JWT” based authentication.
JWT is an authentication method that is based on a “shared secret,” which is known to both parties. If an external party knows the “secret,” it can create valid tokens and authenticate with them.
(In)secure by default
“Secure by Default” is a concept in which the software is initially designed to be secure in its default configuration. It doesn’t require the user to manually configure or turn on security features in the system. This concept makes it difficult for a user to accidentally expose its system to unwanted access. A classic example for systems that do not follow this practice, and that we hear about every now and again, is exposed MongoDB’s that don’t require authentication. (Updated versions of MongoDB do offer enhanced security controls, so feel free to go ahead and use it).
Reading InfluxDB’s source code, it was apparent that the default setup of the JWT does not create any value in the “shared-secret” key. In other words, the “secret” needed to create a valid JWT token is empty by default. Users are expected to generate a secure secret on their own, but the documentation doesn’t mention that.

This felt quite silly to me, as this was not a sophisticated vulnerability. It had no fancy buffer overflows or command injections and was just a default insecure configuration. Nonetheless, even the most vigilant security admins can fall for this and unknowingly expose their systems to breaches.
In our red-team engagement, this issue effectively allowed us to extract sensitive internal metadata including server addresses, internal JIRA communication, and a little bit of customer data. It also allowed us to expand the attack surface and find servers and applications that we were unaware of.
Steps to reproduce
First things first, this issue was privately reported to the InfluxDB team in the beginning of the year. They responded quickly and efficiently, and, according to them, the issue should be mitigated by now (I haven’t re-tested it though).
If you are an admin with an old version of InfluxDB (1.3), I would recommend updating or setting a shared secret in the config file.
In order to test if your instance is vulnerable, please go through the following steps.
Test this ONLY against your own infrastructure and DO NOT try this without authorization from the system’s owner.
Discover a user name in the system via the following URL: https://<influx-server-address>:8086/debug/requests
Create a valid JWT token with this user, an empty secret, and a valid expiry date You can use the following tool for creating the JWT: https://jwt.io/ header - {"alg": "HS256", "typ": "JWT"} payload - {"username":"<input user name here>","exp":1548669066} signature - HMACSHA256(base64UrlEncode(header) + "." +base64UrlEncode(payload),<leave this field empty>) The expiry date is in the form of epoch time.
Authenticate to the server using the HTTP header: Authorization: Bearer <The generated JWT token> There you have it, now you are logged into the system. You can now query the data using InfluxQL.
Final thoughts
In these days everything is instantaneous, infrastructure is set up with the click of a button. Dev-Ops & IT folks rely on the vendors to provide secure solutions that keep hackers out by default, without the hassle of tedious configuration or setup work.
It is the responsibility of vendors (or us - those teaching the developers) to lower the risk of human error as much as possible.
In today’s time, “secure by default” should be the motto of any development team regardless of the sensitivity of their product and the nature of the system’s users.
This red-team engagement highlights the importance of professional, intelligence-led testing to uncover hidden risks before attackers do. To ensure your systems are tested against the most sophisticated threats, organizations can rely on KomodoSec’s intelligence-led red team services.
Founded by seasoned security specialists with worldwide experience and military intelligence expertise, KomodoSec delivers regulator-grade red team penetration testing on live production environments. Our assessments cover critical functions, include key third parties, and follow EU TLPT RTS and TIBER-EU guidance end-to-end, producing the exact artifacts supervisors require for validation and attestation. By combining real-world 0-day vulnerability discovery with comprehensive APT simulation, we help organizations strengthen their security posture and adopt truly secure-by-default configurations.



J'aime beaucoup la signification du mot « article », qui peut développer une réflexion très large. Merci à
khodro031.ir
Рожеві анемони створюють у саду легкий, романтичний акцент. Їхні квіти виглядають ніжно, але не надто солодко, особливо якщо поєднати їх із декоративними травами, папоротями або спокійною зеленню. Рожеві анемони добре підходять для міксбордерів, напівтіньових ділянок і природних композицій, де важливий рух і м'якість.
Залежно від виду анемони можуть цвісти навесні або ближче до осені, тому їх варто добирати під конкретний сезонний сценарій. Рожевий колір добре працює поруч із білими, фіолетовими, зеленими та сріблястими рослинами. Для вибору варіантів і догляду варто звернутися до https://florica.com.ua/roslyny/bahatorichnyky/anemona-vitrenytsia+rozhevyi/, бо рожеві анемони мають різні вимоги до світла й вологи.
Рослинам потрібен пухкий грунт без застою води. У спекотних місцях їм може бути комфортніше в легкій півтіні, де квіти довше зберігають свіжість. Анемони краще висаджувати групами, щоб…
Геймерский стол для девочки-подростка должен быть удобным для учебы, игр и хранения техники. Важны размер, высота, кабель-менеджмент, устойчивость, место для монитора и общий стиль комнаты. Лучше выбирать не только по цвету, а по реальной эргономике. Подробнее: Как подобрать геймерский стол для девочки-подростка?.
Mình có lần lướt đọc mấy trao đổi trên mạng شيخ روحاني thì thấy nhắc nên cũng tò mò mở ra xem thử cho biết. Mình không tìm hiểu sâu rauhane chỉ xem qua trong thời gian ngắn để quan sát bố cục s3udy cách sắp xếp các mục và trình bày nội dung tổng thể. Cảm giác là các phần được trình bày khá gọn, các mục rõ ràng nên đọc lướt cũng không bị rối Berlinintim, với mình như vậy là đủ để nắm tin cơ bản rồi. q8yat
Рослини з декоративним листям відіграють особливу роль у ландшафтному дизайні, адже зберігають привабливість протягом тривалого часу, а інколи й усього сезону. Якщо квіти найчастіше стають тимчасовим яскравим акцентом, то декоративне листя формує основу композиції та додає саду глибини. Саме тому такі кущі часто використовують для оформлення бордюрів, створення контрастних груп, заповнення простору між деревами та підкреслення геометрії клумб. Вони можуть мати різні відтінки зеленого, пурпурового, жовтого чи строкатого листя, що відкриває широкі можливості для комбінування.
Щоб зробити сад візуально багатшим і цікавішим, варто звернути увагу на листяні кущі з декоративним листям, які допомагають зберігати виразність ділянки навіть поза періодом активного цвітіння. Такі рослини вдало поєднуються з хвойними культурами, багаторічниками та газонними композиціями. Їх використовують як для класичних, так і для сучасних…