Jenkins Default Login Scanner

This scanner detects Jenkins instances exposed on your assets and checks whether they still accept widely known default login credentials.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 2 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

Jenkins is a widely-used open-source automation server that is commonly utilized in software development for continuous integration and delivery processes. It is mainly used by software developers and IT teams to automate parts of software development, such as building, testing, and deploying, facilitating faster delivery and higher quality. Jenkins supports multiple version control systems and is highly extensible, allowing for the integration of a variety of tools via plug-ins. Its web-based interface makes it easy to set up and configure, making it a favorable choice for many organizations. With a robust community and strong support, Jenkins continuously evolves with new features, keeping up with the latest development trends.

The default login vulnerability in Jenkins occurs when an administrator account is left with a weak, widely known credential pair after installation. Such access can give an attacker control over Jenkins jobs and, through them, over the build agents and servers those jobs run on. Pairs such as 'admin/admin' appear in every common wordlist and are tried automatically by scanners and bots, so an instance that still accepts them is trivially compromised. The weakness is classified as Security Misconfiguration, because it stems from how the software is set up and maintained rather than from a flaw in the code itself. Staying aware of such misconfigurations is essential to keeping systems safe from unauthorized access and breaches.

The Jenkins default login vulnerability is technically straightforward but dangerous if overlooked. Current Jenkins releases generate a random initial administrator password during the setup wizard, but installations that skip the wizard, are provisioned by scripts, or were set up with an 'admin/admin' style account that was never rotated remain exposed. This scanner checks for that condition by sending a login request for each well-known username/password pair to the login endpoint (`/j_spring_security_check`, a form POST carrying j_username and j_password) and then verifying whether the response grants access to the dashboard rather than bouncing to the login error page. Any instance that accepts one of the pairs is reported as using unmodified default credentials.
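The following is an added Python example of the check described above; it is not the scanner's own code. It assumes the login form fields Jenkins uses (j_username, j_password, from, Submit) on `/j_spring_security_check`, a constructed list of credential pairs, and the fact that Jenkins answers the login POST with a redirect either way: to `/loginError` on failure, or to the `from` target on success. The `simulated_jenkins` responder is a constructed stand-in for a live server so the script runs offline; `send_http` is the real transport.

```python
"""Probe a Jenkins instance for widely known default credentials (added example)."""
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

LOGIN_PATH = "/j_spring_security_check"

# Constructed list of commonly tried pairs; Jenkins itself ships no fixed password.
DEFAULT_PAIRS: List[Tuple[str, str]] = [
    ("admin", "admin"),
    ("admin", "password"),
    ("jenkins", "jenkins"),
]

Response = Tuple[int, Dict[str, str]]            # (HTTP status, response headers)
Sender = Callable[[urllib.request.Request], Response]


def build_login_request(base_url: str, username: str, password: str) -> urllib.request.Request:
    """Form-encode the POST exactly as the browser login form submits it.
    `from` tells Jenkins where to redirect after a successful login."""
    body = urllib.parse.urlencode({
        "j_username": username,
        "j_password": password,
        "from": "/",
        "Submit": "Sign in",
    }).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + LOGIN_PATH,
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def login_succeeded(status: int, headers: Dict[str, str]) -> bool:
    """Jenkins redirects on both outcomes; only the target differs.
    A redirect to /loginError means the credentials were rejected."""
    if status not in (302, 303):
        return False
    location = headers.get("Location", "")
    return "loginError" not in location


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface the 302 instead of following it, so we can inspect Location."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def send_http(req: urllib.request.Request, timeout: float = 10.0) -> Response:
    """Real transport: urllib raises HTTPError for the unfollowed redirect."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


def simulated_jenkins(req: urllib.request.Request) -> Response:
    """Constructed stand-in for a misconfigured instance that accepts admin/password."""
    form = urllib.parse.parse_qs(req.data.decode())
    if form.get("j_username") == ["admin"] and form.get("j_password") == ["password"]:
        return 302, {"Location": "http://jenkins.example/"}
    return 302, {"Location": "http://jenkins.example/loginError"}


def find_default_login(base_url: str,
                       pairs: List[Tuple[str, str]] = DEFAULT_PAIRS,
                       send: Sender = send_http) -> Optional[Tuple[str, str]]:
    """Return the first accepted (username, password) pair, or None if all are rejected."""
    for user, pw in pairs:
        status, headers = send(build_login_request(base_url, user, pw))
        if login_succeeded(status, headers):
            return (user, pw)
    return None


if __name__ == "__main__":
    # Offline demonstration against the constructed responder.
    hit = find_default_login("http://jenkins.example", send=simulated_jenkins)
    print("default credentials accepted:", hit)
```

Against a live target, replace `simulated_jenkins` with the default `send_http`. Treating "redirect not to /loginError" as success is the same signal the login form gives a browser; a stricter scanner would follow up with a GET to `/api/json` using the returned session cookie and require HTTP 200 before reporting a hit.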

If attackers exploit this vulnerability, they gain administrative access to the Jenkins server. That access lets them tamper with active builds, inject malicious code into artifacts that are deployed to production, read the credentials and secrets Jenkins stores for its jobs, and disrupt the software development lifecycle. An attacker can also change system configuration, add or remove plug-ins, and run arbitrary scripts through the Script Console, which can turn the Jenkins host and its build agents into a foothold for further compromise of the network. Leaving default credentials unchanged therefore exposes the organization to data breaches and loss of control over its development environments.
