Apache InLong Default Login Scanner
This scanner detects the use of default login credentials in Apache InLong across digital assets. It helps ensure security by identifying potential unauthorized access points.
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
19 days 16 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
-
Apache InLong is an open-source software primarily used for data ingestion and stream processing, often deployed by organizations for real-time data handling and as part of big data solutions. It serves companies looking to manage their big data flow efficiently, providing robust features for capturing and processing data streams. The Apache InLong system is implemented in multiple sectors, enhancing the management of data streams through a centralized platform. Organizations often choose InLong for its scalability and its capability to integrate with various data processing systems. Its functionality extends across diverse environments, helping automate and manage the data lifecycle.
This detection scanner identifies the presence of default administrator login credentials in Apache InLong installations. The vulnerability arises when default credentials are not changed by the administrators, posing a risk of unauthorized access. The scanner helps system administrators and security personnel pinpoint potentially vulnerable InLong instances which require credential updates. When default credentials are employed, attackers could gain administrative access without any additional effort, compromising the digital asset. The detection's main objective is ensuring that operational systems do not employ these default login details.
Technical details involve checking for the default combination of "admin" for the username and "inlong" for the password through the login API endpoint. The vulnerable endpoint is the "/inlong/manager/api/anno/login" path in the InLong manager, and a successful login with these defaults results in a JSON response indicating a successful authentication. This scanner effectively performs a POST request to the specified endpoint and verifies the response for specific success indicators such as status 200 and matching words in the JSON body. Identifying such vulnerabilities helps enforce necessary security measures in a timely manner.
Exploitation of this vulnerability can lead to unauthorized access to the Apache InLong management console. If an attacker successfully logs in with default credentials, they may execute arbitrary management operations, modify configurations, and potentially exfiltrate sensitive data. Such incidents can compromise data integrity, lead to data breaches, and expose the organization to additional compliance and operational risks. It is crucial to mitigate these risks by ensuring default credentials are updated regularly.
REFERENCES
