S4E

Google Earth Enterprise Default Login Scanner

This scanner detects the use of Google Earth Enterprise in digital assets. It identifies the presence of default login credentials to ensure security measures are properly enforced.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

1 minute

Time Interval

1 week 18 hours

Scan only one

Domain, IPv4

Toolbox

-

Google Earth Enterprise is primarily used by organizations for mapping and satellite data visualization purposes. It allows businesses, governments, and other entities to manage and utilize vast amounts of geospatial data. This software can be deployed in networks where high-value or sensitive geographic information is essential for planning and analysis. Professionals like urban planners, defense analysts, and business strategists leverage it for its robust data handling capabilities. It provides a customizable environment where users can layer and manage their unique geographical data sets. Its server-client architecture ensures that geographic data can be efficiently distributed across an enterprise.

The default login vulnerability in Google Earth Enterprise arises when systems are deployed with standard, commonly known credentials. Attackers can exploit this vulnerability if the credentials are not changed post-deployment. This poses a significant security risk as it allows unauthorized access to sensitive geographical data. The vulnerability is critical in scenarios where public or private entities store proprietary or confidential data. By gaining access through default credentials, a malicious user can alter, delete, or exfiltrate highly sensitive and critical information. Ensuring that these credentials are changed immediately after installation is a primary defense mechanism against this vulnerability.

The technical specifics of this vulnerability involve the default credentials 'geapacheuser' as the username and 'geeadmin' as the password. These credentials can often be found on unconfigured Google Earth Enterprise servers in the wild. The template creates an HTTP GET request to the admin panel endpoint using Basic Authorization with these default credentials. Successful exploitation returns an HTTP 200 status along with identifying features such as 'DashboardPanel' and 'Earth Enterprise Server' in the response. This implies that the server is susceptible to unauthorized access.

If exploited, this vulnerability can have detrimental effects, including unauthorized control over the server. Attackers could potentially manipulate geospatial data, leading to data corruption or wrongful decision-making. They could also establish a foothold in the network, leveraging this access to perform further attacks. The exposure of sensitive geographical data can lead to privacy violations and competitive disadvantages. Additionally, this could result in a loss of public trust for organizations that handle sensitive data.

REFERENCES

Get started to protecting your Free Full Security Scan