CVE-2021-31917
📋 TL;DR
This vulnerability allows attackers to bypass authentication on REST endpoints when DIGEST authentication is configured in Red Hat DataGrid and Infinispan. Affected organizations are those running vulnerable versions with DIGEST authentication enabled, potentially exposing sensitive data and system controls.
💻 Affected Systems
- Red Hat DataGrid
- Infinispan
📦 What is this software?
Data Grid by Red Hat
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing unauthorized access to all REST endpoints, leading to data theft, data manipulation, and denial of service.
Likely Case
Unauthorized access to sensitive data and administrative functions through REST API endpoints.
If Mitigated
Limited impact if proper network segmentation and additional authentication layers are in place.
🎯 Exploit Status
Exploitation requires knowledge of REST endpoint URLs but no authentication credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Red Hat DataGrid 8.2.0; Infinispan 12.1.0
Vendor Advisory: https://access.redhat.com/security/cve/cve-2021-31917
Restart Required: Yes
Instructions:
1. Update to patched versions: DataGrid 8.2.0+ or Infinispan 12.1.0+.
2. Restart affected services.
3. Verify authentication is functioning correctly.
🔧 Temporary Workarounds
Disable DIGEST Authentication
Switch to alternative authentication methods like BASIC with TLS or other supported mechanisms.
Modify authentication configuration in infinispan.xml or datagrid configuration files to use non-DIGEST methods.
Network Access Control
Restrict network access to REST endpoints using firewalls or network policies.
Configure firewall rules to limit access to REST API ports (typically 11222) to trusted sources only.
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable systems from untrusted networks.
- Deploy Web Application Firewall (WAF) with authentication bypass detection rules.
🔍 How to Verify
Check if Vulnerable:
Check if running affected versions and if DIGEST authentication is configured for REST endpoints in configuration files.
Check Version:
For DataGrid: check server logs or management console. For Infinispan: check META-INF/MANIFEST.MF or server startup logs.
Verify Fix Applied:
Verify version is updated to patched release and test authentication on REST endpoints.
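The two checks above (unpatched version, DIGEST enabled on the REST connector) can be scripted against the server's version string and its infinispan.xml. The following is an added example, not tooling from the advisory or the Infinispan project. It assumes the REST endpoint is declared as a `rest-connector` element with a child `authentication` element carrying a space-separated `mechanisms` attribute; that element layout, the sample configs and the version strings are assumptions, so adjust the tag names to the configuration you actually run. Exposure requires both conditions together, which is why a hardened config on an unpatched version is reported as not exposed.

```python
"""Check an Infinispan / Data Grid server for CVE-2021-31917 exposure.

Added example, not from the advisory or the Infinispan project. Assumes the
REST endpoint is configured as <rest-connector><authentication mechanisms="..."/>
inside infinispan.xml (element names are an assumption; adjust to your config).
"""
import re
import xml.etree.ElementTree as ET

# First fixed releases, taken from the advisory.
PATCHED = {"infinispan": (12, 1, 0), "datagrid": (8, 2, 0)}


def parse_version(text):
    """'12.0.1.Final' -> (12, 0, 1); trailing qualifiers such as .Final are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def version_vulnerable(product, version):
    """True when the running version is older than the first patched release."""
    return parse_version(version) < PATCHED[product]


def _local(tag):
    """Strip an XML namespace: '{urn:infinispan:server:12.0}rest-connector' -> 'rest-connector'."""
    return tag.rsplit("}", 1)[-1]


def rest_digest_mechanisms(xml_text):
    """Return the DIGEST* mechanisms enabled on any REST connector (empty list if none)."""
    root = ET.fromstring(xml_text)
    found = []
    for elem in root.iter():
        if _local(elem.tag) != "rest-connector":
            continue
        for child in elem:
            if _local(child.tag) == "authentication":
                mechs = child.get("mechanisms", "").split()
                found.extend(m for m in mechs if m.upper().startswith("DIGEST"))
    return found


def assess(product, version, xml_text):
    """Exposed only when both hold: unpatched version AND DIGEST on the REST connector."""
    unpatched = version_vulnerable(product, version)
    digest = rest_digest_mechanisms(xml_text)
    return {
        "unpatched": unpatched,
        "digest_mechanisms": digest,
        "exposed": unpatched and bool(digest),
    }


# Constructed sample configs (assumed layout, not a real deployment).
WEAK_XML = """<infinispan xmlns="urn:infinispan:config:12.0"
    xmlns:server="urn:infinispan:server:12.0">
  <server:server>
    <server:endpoints socket-binding="default" security-realm="default">
      <server:rest-connector name="rest">
        <server:authentication mechanisms="DIGEST BASIC"/>
      </server:rest-connector>
    </server:endpoints>
  </server:server>
</infinispan>"""

# The workaround from the advisory: same config with DIGEST removed.
HARDENED_XML = WEAK_XML.replace('mechanisms="DIGEST BASIC"', 'mechanisms="BASIC"')

if __name__ == "__main__":
    print(assess("infinispan", "12.0.1.Final", WEAK_XML))      # exposed
    print(assess("infinispan", "12.0.1.Final", HARDENED_XML))  # unpatched, not exposed
    print(assess("infinispan", "12.1.0.Final", WEAK_XML))      # patched, not exposed
```

Run it against the real file with `assess("infinispan", version, open("infinispan.xml").read())`; the version string comes from the server startup log or META-INF/MANIFEST.MF as the section above describes.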
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful access without valid credentials
- Unusual REST API access patterns from unexpected sources
Network Indicators:
- HTTP requests to REST endpoints without proper authentication headers
- Traffic to REST API ports from unauthorized IP addresses
SIEM Query (pseudo-syntax: a single record cannot carry both event values, so this is a correlation between two events from the same client within one second, not a single-event filter):
(source="datagrid-logs" OR source="infinispan-logs") AND event="AUTHENTICATION_FAILED" followed within 1s by event="REQUEST_SUCCESS" from the same client
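The first log indicator above (an authentication failure followed almost immediately by a successful request from the same client) is a sequence correlation, which many SIEM filters cannot express in one clause. The script below is an added example of that correlation run over constructed log lines; it is not part of the advisory, and the `timestamp client=IP event=NAME path=...` layout, the field names and the sample entries are assumptions standing in for whatever your Infinispan or Data Grid log source actually emits. Adapt `LINE_RE` to the real format; the pairing logic stays the same.

```python
"""Correlate authentication failures with immediate successes from the same client.

Added example for the log indicator in the Detection & Monitoring section; not
part of the advisory. The log layout, field names and sample lines are
constructed, not the real Infinispan server log format.
"""
import re
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "ISO-timestamp client=IP event=NAME path=..." layout.
# 10.0.0.5: failure then success 400 ms later  -> matches the indicator
# 10.0.0.9: failure then success 4 s later     -> outside the 1 s window
# 10.0.0.7: success with no preceding failure  -> normal authenticated traffic
SAMPLE_LOG = """\
2021-05-01T10:00:00.000 client=10.0.0.5 event=AUTHENTICATION_FAILED path=/rest/v2/caches
2021-05-01T10:00:00.400 client=10.0.0.5 event=REQUEST_SUCCESS path=/rest/v2/caches
2021-05-01T10:00:05.000 client=10.0.0.9 event=AUTHENTICATION_FAILED path=/rest/v2/caches
2021-05-01T10:00:09.000 client=10.0.0.9 event=REQUEST_SUCCESS path=/rest/v2/caches
2021-05-01T10:01:00.000 client=10.0.0.7 event=REQUEST_SUCCESS path=/rest/v2/caches
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) event=(?P<event>\S+) path=(?P<path>\S+)$"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield {
                "ts": datetime.fromisoformat(m["ts"]),
                "client": m["client"],
                "event": m["event"],
                "path": m["path"],
            }


def find_bypass_candidates(text, window=timedelta(seconds=1)):
    """Return (client, failed_ts, success_ts) tuples where a REQUEST_SUCCESS
    follows an AUTHENTICATION_FAILED from the same client within `window`.

    Each failure is paired with at most one success, so a retry storm from a
    legitimate user who finally authenticates produces a single hit to triage.
    """
    last_failure = {}  # client -> timestamp of its most recent unpaired failure
    hits = []
    for rec in parse_log(text):
        if rec["event"] == "AUTHENTICATION_FAILED":
            last_failure[rec["client"]] = rec["ts"]
        elif rec["event"] == "REQUEST_SUCCESS":
            failed_at = last_failure.get(rec["client"])
            if failed_at is not None and timedelta(0) <= rec["ts"] - failed_at <= window:
                hits.append((rec["client"], failed_at, rec["ts"]))
                del last_failure[rec["client"]]  # pair each failure only once
    return hits


if __name__ == "__main__":
    for client, failed_at, ok_at in find_bypass_candidates(SAMPLE_LOG):
        gap_ms = (ok_at - failed_at).total_seconds() * 1000
        print(f"{client}: success {gap_ms:.0f} ms after auth failure, review this client")
```

Widening `window` trades precision for recall; with the sample above a five-second window also flags 10.0.0.9, so tune it against your own baseline of legitimate retry behaviour before alerting on it.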