Memcached servers provide a dynamic, distributed memory object caching system to improve application performance. The security model for memcached is basically “trust your network”, and unfortunately most networks can’t be trusted.
You’ll find the service listening on port 11211 by default. On a recent test we discovered a memcached server and, after some research into extracting the data from it, came up empty. In response, I’ve developed a Python script to dump data from memcached servers:
This service is interesting because you not only get to read the potentially sensitive data in the cache, but it is also trivial to modify values already in the cache. This can be done simply by accessing the “memcached” server over telnet and using the “set” command as documented here:
One interesting attack vector here would be stored XSS in a web application, or potentially SQL injection if the application is caching SQL queries (which some appear to do).
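For administrators checking their own servers for the “trust your network” exposure described above, the following added example (not the script this post refers to) parses a `stats settings` reply and flags the settings that leave the cache open. The function names and the sample reply are constructed for illustration, the stat names are those memcached reports, and the check assumes a single listen address in `inter`.

```python
import socket

# Constructed sample of a `stats settings` reply (not captured from a real host).
SAMPLE_REPLY = (
    "STAT maxbytes 67108864\r\n"
    "STAT tcpport 11211\r\n"
    "STAT udpport 11211\r\n"
    "STAT inter NULL\r\n"
    "STAT auth_enabled_sasl no\r\n"
    "END\r\n"
)

def fetch_settings(host, port=11211, timeout=3.0):
    """Ask a memcached server you administer for its settings (text protocol)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"stats settings\r\n")
        buf = b""
        while not buf.endswith(b"END\r\n"):
            chunk = s.recv(4096)
            if not chunk:  # peer closed before END
                break
            buf += chunk
    return buf.decode("ascii", "replace")

def parse_stats(reply):
    """Turn 'STAT <name> <value>' lines into a dict, stopping at END."""
    stats = {}
    for line in reply.splitlines():
        if line == "END":
            break
        parts = line.split(" ", 2)
        if len(parts) == 3 and parts[0] == "STAT":
            stats[parts[1]] = parts[2]
    return stats

def audit(stats):
    """Return findings for settings that depend on a trusted network."""
    findings = []
    inter = stats.get("inter", "NULL")  # NULL means no -l address was given
    if inter not in ("127.0.0.1", "::1", "localhost"):
        findings.append("listens beyond loopback (inter=%s)" % inter)
    if stats.get("auth_enabled_sasl", "no") != "yes":
        findings.append("SASL authentication disabled")
    if stats.get("udpport", "0") != "0":
        findings.append("UDP listener enabled (udpport=%s)" % stats["udpport"])
    return findings
```

Running `audit(parse_stats(fetch_settings(host)))` against each cache host gives a per-server list of findings; an empty list means the server is bound to loopback, requires SASL, and has UDP off.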