Kong Admin Unauthenticated Access Scanner
This scanner detects Kong Admin GUI instances exposed without authentication on digital assets. It identifies insecure Kong Admin GUI configurations by verifying the title of the root HTML page and the ADMIN_GUI_AUTH parameter in the /kconfig.js file.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 days
Scan only one: URL
Toolbox: -
The Kong Admin GUI is used by organizations to manage their Kong API Gateway. Kong helps in API management, traffic control, and microservices management. The Admin GUI offers a user interface to manage APIs and services. It is commonly used in cloud-native environments and by DevOps teams. It’s a vital component for configuring and monitoring APIs. A misconfiguration or insecure settings can expose the entire Kong Admin interface to unauthorized users.
This scanner checks if the Kong Admin GUI is insecurely exposed. Specifically, it verifies if the ADMIN_GUI_AUTH parameter is empty, which could leave the admin interface unprotected. It also checks for the presence of a title in the HTML page that identifies it as the Kong Admin GUI. A misconfiguration of these settings could allow unauthorized users to access the admin dashboard.
The vulnerability is detected by inspecting the root HTML page and the /kconfig.js file. If the title of the page contains "Kong Admin" and the ADMIN_GUI_AUTH field is empty in the kconfig.js file, the system is deemed vulnerable. This means that no authentication mechanism is present for the Admin GUI, making it susceptible to unauthorized access.
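The two conditions described above (a root page whose title contains "Kong Admin" and an empty ADMIN_GUI_AUTH value in /kconfig.js) can be reproduced in a few lines, which is useful when you want to verify your own gateway's exposure before or after a configuration change. The script below is an added example and is not the scanner's own code. The two sample responses are constructed for this illustration, and the assumed layout of kconfig.js (a window.K_CONFIG object with quoted keys and values) is taken from what Kong Manager serves; the host name gateway.example.invalid is a placeholder.

```python
import re
from typing import Optional
from urllib.request import urlopen
from urllib.parse import urljoin

# Constructed sample responses (not captured from any real host).
SAMPLE_ROOT_HTML = """<!DOCTYPE html>
<html><head><title>Kong Admin</title></head><body></body></html>"""

SAMPLE_KCONFIG_UNPROTECTED = """window.K_CONFIG = {
  'ADMIN_GUI_URL': 'http://gateway.example.invalid:8002',
  'ADMIN_GUI_AUTH': '',
  'ADMIN_API_PORT': '8001'
}"""

SAMPLE_KCONFIG_PROTECTED = """window.K_CONFIG = {
  'ADMIN_GUI_URL': 'http://gateway.example.invalid:8002',
  'ADMIN_GUI_AUTH': 'basic-auth',
  'ADMIN_API_PORT': '8001'
}"""

# <title>...</title>, case-insensitive, may span lines.
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)
# 'ADMIN_GUI_AUTH': '<value>' with either quote style; group 2 is the value.
AUTH_RE = re.compile(r"""['"]ADMIN_GUI_AUTH['"]\s*:\s*(['"])(.*?)\1""", re.DOTALL)


def page_title(html: str) -> Optional[str]:
    """Return the stripped <title> text of a page, or None if there is none."""
    m = TITLE_RE.search(html)
    return m.group(1).strip() if m else None


def admin_gui_auth(kconfig_js: str) -> Optional[str]:
    """Return the ADMIN_GUI_AUTH value from kconfig.js, or None if the key is absent."""
    m = AUTH_RE.search(kconfig_js)
    return m.group(2).strip() if m else None


def is_unauthenticated_kong_admin(root_html: str, kconfig_js: str) -> bool:
    """Apply the scanner's two conditions: Kong Admin title AND empty ADMIN_GUI_AUTH.

    An absent ADMIN_GUI_AUTH key is deliberately not treated as empty, so a
    kconfig.js that does not expose the key at all is not reported.
    """
    title = page_title(root_html)
    if title is None or "kong admin" not in title.lower():
        return False
    return admin_gui_auth(kconfig_js) == ""


def check_gateway(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch / and /kconfig.js from a gateway you operate and apply the check."""
    with urlopen(base_url, timeout=timeout) as resp:  # assumed plain HTTP(S), no auth
        root_html = resp.read().decode("utf-8", errors="replace")
    with urlopen(urljoin(base_url, "/kconfig.js"), timeout=timeout) as resp:
        kconfig_js = resp.read().decode("utf-8", errors="replace")
    return is_unauthenticated_kong_admin(root_html, kconfig_js)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print("unprotected sample flagged:",
          is_unauthenticated_kong_admin(SAMPLE_ROOT_HTML, SAMPLE_KCONFIG_UNPROTECTED))
    print("protected sample flagged:  ",
          is_unauthenticated_kong_admin(SAMPLE_ROOT_HTML, SAMPLE_KCONFIG_PROTECTED))
```

Run the file as-is to see the two constructed samples evaluated offline; `check_gateway("http://127.0.0.1:8002")` applies the same logic to a Kong Manager you run yourself. The fix on the gateway side is the one the page implies: set a non-empty KONG_ADMIN_GUI_AUTH (and the matching session configuration) and keep the Manager and Admin API off untrusted networks.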
If exploited, malicious actors could gain access to sensitive configurations, perform unauthorized actions on APIs, and potentially disrupt or manipulate traffic. This could result in a complete compromise of the API management platform. Attackers could also use the admin interface for reconnaissance or as a foothold into other internal systems. The exposure of sensitive configuration details could lead to data breaches or unauthorized changes in service behavior. It also increases the attack surface for other vulnerabilities to be exploited.