Beszel Unfinished Installation Page Exposure Scanner
This scanner detects Beszel installations that were left unfinished, with the installation page still exposed. It identifies instances where attackers might exploit the unfinished installation to gain unauthorized control. Detecting this condition helps protect systems against unauthorized admin account creation.
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 22 days 5 hours
Scan only one: URL
Beszel is a server monitoring hub used by IT professionals and system administrators for observing and managing server health and performance. It provides a comprehensive interface for real-time server metrics and alerts, ensuring systems run smoothly. Businesses and enterprises rely on Beszel for maintaining server uptime and optimizing performance. The software is often deployed across various server environments to achieve centralized monitoring. Its flexible configuration options allow customization according to specific infrastructure needs. The ability to manage multiple servers makes Beszel a valuable tool for IT departments.
The vulnerability involves exposure due to an unfinished installation where no admin account is configured. This condition leaves the system prone to unauthorized access, as attackers could potentially create an admin account. Gaining admin privileges would allow complete system control. This security lapse occurs when initial installation procedures are not completed appropriately. Identifying and resolving such misconfigurations is crucial for system integrity. Proper installation protocols must be followed to prevent unauthorized exploitation.
Technically, the scanner detects the issue by requesting the endpoint '/api/beszel/first-run'. A response with status code 200 and a specific content-type indicates the vulnerability, and a JSON body containing the field "firstRun" with a true value confirms the unfinished installation. Such endpoints should not be exposed post-installation to prevent exploitation. Attackers who can reach this endpoint can manipulate the installation process to their advantage. Proper procedures during initial setup mitigate this risk.
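The check described above, written as an added example for asset owners auditing their own instances (it is not the scanner's code). The function names, the three result labels, the sample responses, and the reading of "specific content-type" as application/json are assumptions.

```python
import json
import urllib.error
import urllib.request

FIRST_RUN_PATH = "/api/beszel/first-run"  # endpoint named on the page


def classify_first_run(status, content_type, body):
    """Return 'unfinished', 'finished' or 'inconclusive' for one response."""
    if status != 200:
        return "inconclusive"
    # Assumption: the "specific content-type" is a JSON media type.
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return "inconclusive"  # e.g. a catch-all HTML page served with 200
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return "inconclusive"
    value = doc.get("firstRun") if isinstance(doc, dict) else None
    if value is True:
        return "unfinished"
    # Only JSON booleans are trusted; the string "true" stays inconclusive.
    return "finished" if value is False else "inconclusive"


def check_instance(base_url, timeout=5):
    """Fetch the endpoint from an instance you operate and classify it."""
    url = base_url.rstrip("/") + FIRST_RUN_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type")
            return classify_first_run(resp.status, ctype, resp.read(65536))
    except (urllib.error.URLError, OSError):
        return "inconclusive"


# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (200, "application/json", b'{"firstRun": true}'),
    (200, "application/json; charset=UTF-8", b'{"firstRun": false}'),
    (200, "text/html", b"<html>login</html>"),
    (404, "application/json", b'{"message": "not found"}'),
    (200, "application/json", b'{"firstRun": "true"}'),
]

if __name__ == "__main__":
    for status, ctype, body in SAMPLES:
        print(status, ctype, classify_first_run(status, ctype, body))
```

An "unfinished" result means the admin account should be created, or the instance taken off the network, before it is reachable by anyone else.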
If exploited, malicious actors could set up admin credentials and manipulate server settings. This access might lead to unauthorized data changes, deletion, or insertion. It allows interference with server monitoring, resulting in inaccurate system data. The potential for full system control exposes the organization to further network breaches. Ensuring the security of the installation process prevents severe operational impacts. Continuous monitoring and hardening are necessary defenses.