Apache Kylin Default Login Scanner
This scanner detects Apache Kylin Console instances among your digital assets and checks whether they still accept the default login. Identifying unchanged default credentials helps prevent unauthorized access and improves the overall security posture.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 2 weeks 18 hours
Scan only one: Domain, IPv4
Toolbox: -
Apache Kylin is an open-source analytics engine designed to provide multidimensional analysis (OLAP) on Hadoop and was initially developed to provide a scalable solution for large-scale data analysis tasks. It is widely used by enterprise data teams to create and manage datasets efficiently. Apache Kylin allows users to interactively query massive data, making it an essential tool in many data-driven organizations. It leverages the power of the Apache Hadoop ecosystem to achieve distributed and scalable data processing. The software is generally used in big data environments for its ability to provide high-performance, interactive analytics and reporting capabilities. Apache Kylin is chiefly used in environments where data-driven decisions are critical to business processes and resource planning.
Default Login vulnerabilities occur when software systems are deployed with preset credentials that are not changed or adequately secured by administrators. In Apache Kylin versions before 3.0.0, the Console allows access through a default username and password, namely 'ADMIN' and 'KYLIN'. This vulnerability is critical because it can be easily exploited by a malicious actor to gain unauthorized access to sensitive data and system configurations. Default Login vulnerabilities are typically the result of oversight during deployment and configuration processes. This type of vulnerability can pose significant risks to data security and integrity. To mitigate such risks, prompt action is required to change default credentials to secure the systems effectively.
The vulnerability resides in the Apache Kylin Console, particularly in earlier versions up to 3.0.0, where the login endpoint does not enforce custom credential setup upon installation or first use. The endpoint is exposed whenever the default 'ADMIN' username and 'KYLIN' password remain in place, since these values are widely known and can be exploited by threat actors. The API endpoint '/kylin/api/user/authentication' is particularly sensitive: it accepts Basic Authentication, which also makes it a target for brute-force attempts. The scanner's HTTP request carries these default credentials in its Authorization header, and a successful response confirms that unauthorized access is possible. By exploiting these credentials, attackers can potentially retrieve user details and manipulate system settings.
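The following self-audit script is an added example, not part of this scanner page or of the Apache Kylin project; an asset owner can run it against their own Console to confirm that the default account described above has been disabled. It assumes the endpoint accepts a POST with Basic Authentication and that a 200 status means the login succeeded (the page states the path and the credentials; the method and the port in the usage line are assumptions).

```python
import base64
import urllib.error
import urllib.request

# Values stated on the page: default account and the Basic-Auth login endpoint.
DEFAULT_USER = "ADMIN"
DEFAULT_PASS = "KYLIN"
AUTH_PATH = "/kylin/api/user/authentication"


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header value that Basic Authentication expects."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def classify_status(status: int) -> str:
    """Map the login endpoint's HTTP status to an audit verdict."""
    if status == 200:
        return "VULNERABLE: default credentials accepted"
    if status in (401, 403):
        return "OK: default credentials rejected"
    return f"INCONCLUSIVE: unexpected status {status}"


def _http_status(url: str, headers: dict) -> int:
    """Default transport: POST (assumed method) to the endpoint, return the status."""
    req = urllib.request.Request(url, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 arrive as HTTPError, not as a normal response


def check_default_login(base_url: str, send=_http_status) -> str:
    """Try the documented default account against one Kylin Console.

    `send` is injectable so the check can be exercised without a network.
    """
    url = base_url.rstrip("/") + AUTH_PATH
    headers = {"Authorization": basic_auth_header(DEFAULT_USER, DEFAULT_PASS)}
    return classify_status(send(url, headers))


if __name__ == "__main__":
    import sys
    # Port 7070 is Kylin's usual Console port (an assumption, not stated on the page).
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:7070"
    print(check_default_login(target))
```

Run it after rotating the ADMIN password; anything other than an "OK" verdict means the deployment still needs attention.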
If exploited, the Default Login vulnerability allows unauthorized individuals to access the Apache Kylin Console, potentially leading to data breaches and unauthorized data manipulation. Attackers could access sensitive data, execute unauthorized commands, and make unauthorized changes to configurations, severely compromising data security. Data theft, integrity issues, and disruptions to service availability are direct consequences of exploitation. Additionally, the organization could face compliance penalties and damage to its reputation if sensitive information is exposed. Ensuring proper credential management practices is crucial to defend against such vulnerabilities.