Infinispan Default Login Scanner

This scanner detects the use of Infinispan in digital assets.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 19 hours
Scan only one: Domain, Subdomain, IPv4


Infinispan is a distributed cache and key-value NoSQL datastore. It is widely used for in-memory data storage to improve data retrieval performance. Typically employed by organizations that need to process large volumes of data rapidly, Infinispan is used across various industries. It is particularly favored in environments where scalability and high availability are critical. The software is frequently embedded in larger enterprise applications or operated as a standalone server. Infinispan is a product of Red Hat and integrates well with other Red Hat software products.

This scanner identifies the use of default administrator credentials in Infinispan deployments. Default credentials present a significant security risk that can be exploited by attackers to gain unauthorized access. The template specifically checks for exposed REST API endpoints secured with default login information. An attack leveraging this vulnerability could completely compromise the integrity of the software and its data storage capabilities. Detecting the presence of this weakness allows organizations to secure their assets against potential breaches. The scan is crucial for highlighting misconfigurations that are easy to exploit.

The scanner works by interacting with the Infinispan REST API endpoints. It first determines whether the API requires HTTP Digest authentication. It then uses the default credentials, `admin:password`, to authenticate against the REST API, assembling HTTP requests with Digest authorization fields. If access is granted, this confirms the use of default login credentials. Successful detection is indicated by an expected Infinispan API response that shows access to cache managers. The test logic verifies both request and response parameters.
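For asset owners reviewing their own proxy logs or packet captures, the Digest exchange described above can be checked offline. This is an added example, not the scanner's template: it parses a recorded `Authorization: Digest` value and recomputes the RFC 7616 response for `admin:password`. The realm, nonce, URI and cnonce in `sample_header` are constructed sample values, and only the non-session MD5 and SHA-256 algorithms with `qop=auth` are handled.

```python
import hashlib
import hmac
import re

DEFAULT_USER, DEFAULT_PASSWORD = "admin", "password"  # pair named on this page
HASHES = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}  # non-session RFC 7616 algorithms


def parse_digest_header(value):
    """Split a 'Digest k="v", k2=v2' header value into a dict of fields."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}


def expected_response(fields, method, password):
    """Recompute the 'response' field for a candidate password."""
    algorithm = fields.get("algorithm", "MD5").upper()
    if algorithm not in HASHES or fields.get("qop") not in (None, "auth"):
        raise ValueError("unsupported algorithm or qop")

    def h(text):
        return HASHES[algorithm](text.encode()).hexdigest()

    ha1 = h(f"{fields['username']}:{fields['realm']}:{password}")
    ha2 = h(f"{method}:{fields['uri']}")
    if fields.get("qop") == "auth":
        return h(f"{ha1}:{fields['nonce']}:{fields['nc']}:{fields['cnonce']}:auth:{ha2}")
    return h(f"{ha1}:{fields['nonce']}:{ha2}")  # no qop: RFC 2069 form


def uses_default_login(authorization, method="GET"):
    """True if a recorded Authorization value was computed from admin:password."""
    fields = parse_digest_header(authorization)
    if fields.get("username") != DEFAULT_USER:
        return False
    guess = expected_response(fields, method, DEFAULT_PASSWORD)
    return hmac.compare_digest(fields.get("response", "").lower(), guess)


def sample_header(password):
    """Constructed sample: what a client holding `password` would have sent."""
    fields = {"username": "admin", "realm": "default", "nonce": "c0ffee0123456789",
              "uri": "/rest/v2/cache-managers/default", "algorithm": "SHA-256",
              "qop": "auth", "nc": "00000001", "cnonce": "9f8e7d6c"}
    fields["response"] = expected_response(fields, "GET", password)
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in fields.items())
```

A `True` result for a request that the server answered successfully means the default administrator password is still in use on that deployment and should be changed.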

Exploiting this vulnerability could allow an attacker full read/write access to all cache managers, caches, and administrative endpoints. This could lead to unauthorized data access, modification, and even deletion of critical information. The attacker could cause a Denial of Service (DoS) by exhausting storage resources. They might also install backdoors or pivots within the system. The impacts are therefore extensive, affecting the confidentiality, integrity, and availability of data and resources within the system.
