
Harbor Registry Default Login Scanner

This scanner detects Harbor Registry deployments in digital assets that still accept the default administrative login.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 14 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox

Harbor Registry is a cloud-native, open-source container image registry that stores, signs, and scans content. It is widely used by organizations to manage their containerized applications and images securely. Developed by VMware, it offers features like vulnerability scanning, role-based access control, and image replication across multiple registries. As a highly scalable solution, it is preferred in environments requiring robust management of container artifacts. It supports a variety of authentication modes, including LDAP and OIDC, to integrate with existing security infrastructures. Primarily, the Harbor Registry aids in the protection and management of critical software components in containerized environments.

This scanner identifies instances where the Harbor Registry is still using its default administrative credentials. The vulnerability arises when administrators do not change the default username and password, leaving the registry open to unauthorized access. Default credentials pose a significant risk because they are easily exploited by attackers to gain administrative access. With such access, an attacker can manage registries, projects, users, and stored container images, which can lead to data breaches and system disruptions. Hence, detecting default login credentials is crucial to securing Harbor Registry deployments. The scanner notifies administrators of these issues, prompting immediate corrective action.

The check accesses the Harbor Registry's API endpoints with the default credentials to determine whether unauthorized access is possible. It targets endpoints such as "/api/v2.0/systeminfo" and "/api/v2.0/users/current" to confirm that the credentials are accepted and that the resulting session has administrative access. The process involves sending HTTP requests to these endpoints with a Basic authentication header derived from the default credentials. A successful detection is indicated by a 200 OK status together with specific JSON fields in the response body that denote administrative privileges. These technical checks ensure that the scanner flags instances of default credential usage.
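As an added example (not S4E's scanner code), the following Python self-check lets an operator verify their own Harbor instance after rotating the built-in admin password: it sends the retired credentials to "/api/v2.0/users/current" and classifies the answer. The credentials come from environment variables, and the `sysadmin_flag` and `admin_role_in_auth` field names are assumed from Harbor's v2 API rather than taken from this page.

```python
import base64
import json
import os
import urllib.error
import urllib.request


def basic_auth_header(username: str, password: str) -> str:
    """Build the Basic authentication header value the check sends."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def classify_current_user(status: int, body: bytes) -> str:
    """Map the status and JSON body of GET /api/v2.0/users/current to a finding.

    A 401 means the credentials were rejected (the desired state after rotation).
    A 200 with an admin flag set means the credentials still grant admin access.
    Field names are an assumption based on Harbor's v2 API response schema.
    """
    if status == 401:
        return "rejected"
    if status != 200:
        return f"unexpected-{status}"
    try:
        user = json.loads(body.decode("utf-8", errors="replace"))
    except ValueError:
        return "not-json"
    if user.get("sysadmin_flag") or user.get("admin_role_in_auth"):
        return "admin-login-accepted"
    return "non-admin-login-accepted"


def probe(base_url: str, username: str, password: str, timeout: int = 10) -> str:
    """Query the live endpoint and classify the result; network errors propagate."""
    url = base_url.rstrip("/") + "/api/v2.0/users/current"
    headers = {"Authorization": basic_auth_header(username, password),
               "Accept": "application/json"}
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_current_user(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify_current_user(err.code, err.read())


if __name__ == "__main__":
    # HARBOR_URL, HARBOR_USER and HARBOR_PASS are assumed environment variables
    # holding your own registry's address and the credentials being retired.
    print(probe(os.environ["HARBOR_URL"], os.environ["HARBOR_USER"],
                os.environ["HARBOR_PASS"]))
```

A result of "rejected" is the expected outcome for a hardened instance; "admin-login-accepted" reproduces the finding this scanner reports.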

When exploited, this vulnerability can lead to severe security issues. An attacker gaining administrative access can alter configurations, create or delete users, and manage container images, potentially introducing malicious code. Projects and registries can be deleted or modified to disrupt services or extract sensitive data. Additionally, unauthorized replication of images to other registries could lead to intellectual property theft. Overall, the misuse of default credentials compromises the integrity, confidentiality, and availability of the Harbor Registry's resources.
