S4E

Apache DolphinScheduler Default Login Scanner

This scanner detects the use of Apache DolphinScheduler in digital assets. Detecting default admin credentials helps in securing the system against unauthorized access.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

1 minute

Time Interval

23 days 15 hours

Scan only one

Domain, IPv4

Toolbox

-

Apache DolphinScheduler is a distributed and open-source big data workflow scheduler platform. It is widely used by organizations that require efficient and stable support for complex data flows. System administrators and data engineers primarily use it to manage and schedule data processing tasks. The platform aims to solve the complex dependencies in task scheduling by providing intuitive visual interfaces for task management. Developed under the Apache Software Foundation, it ensures high availability and reliability in managing cron jobs and data pipelines. With its robust plugin ecosystem, DolphinScheduler allows customization and extension to meet diverse workflow requirements.

The vulnerability detected is related to the use of default credentials in Apache DolphinScheduler. Default credentials are a common oversight that poses substantial security risks as they provide an easy entry point for unauthorized users. In many cases, administrators overlook the need to change default settings during the software installation and configuration process. This can lead to significant security vulnerabilities, as attackers may exploit these default settings to gain control over the system. Addressing this vulnerability involves ensuring that strong, unique credentials are used and regularly updated.

Technically, the vulnerability lies in the login mechanism of the Apache DolphinScheduler application. The endpoint vulnerable to exploitation is '/dolphinscheduler/login', which accepts POST requests with credentials as payload parameters. By using the default username 'admin' and password 'dolphinscheduler123', an attacker can successfully authenticate and gain admin privileges, as evidenced by the response indicating a successful login and session ID generation. This underscores the importance of securing default credentials to prevent unauthorized access.

When exploited, the default login vulnerability can have serious consequences. Malicious actors can gain administrative access to the scheduling platform and potentially manipulate or disrupt scheduled tasks. This might lead to unauthorized data access, data corruption, or even service downtime. Therefore, securing access by changing default credentials is critical to maintaining the integrity and security of the system.

REFERENCES

Get started to protecting your Free Full Security Scan