NocoDB Open User Registration Scanner
This scanner detects NocoDB instances that allow public user registration without an administrator invitation. On such an instance anyone who can reach the web interface can create an account, which is the first step towards unauthorized access to the data it manages.
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 17 hours
Scan only one: Domain, Subdomain, IPv4
NocoDB is an open-source platform used by project managers, development teams, and database administrators to turn database tables into spreadsheet-style, Airtable-like interfaces. Organizations deploy it to manage data collaboratively: it lets users view and edit tables, set per-user permissions, and automate routine operational tasks, and its interface is usable by people without database experience. It is widely used in small to mid-sized enterprises and is valued for its integrations with common business tools.
With open user registration, a NocoDB instance accepts public sign-ups without an administrator invitation. Anyone who finds the instance can create an account and then interact with the application as an authenticated user, which is a much larger attack surface than the login page alone: every API endpoint and UI feature that requires only a valid session becomes reachable, and any base or table that has been shared with all users, or left open through a permissive workspace setting, is exposed to the newcomer. Note that NocoDB intentionally allows the very first registration on a fresh instance, which becomes the super admin account; the risk described here is an instance that keeps accepting registrations after that. NocoDB supports restricting sign-up to invited users, through the NC_INVITE_ONLY_SIGNUP environment variable or the equivalent "invite only" setting in the administrator's app settings, and administrators of internet-facing instances should enable it and confirm the restriction with a test registration.
The scanner identifies the issue by sending a POST request to the `/api/v1/auth/user/signup` endpoint with a randomly generated email address and password in a JSON body. If the server answers with a 2xx status and the JSON response contains a JSON Web Token under the `token` key, the registration succeeded, which proves that the instance accepts sign-ups without an invitation. An instance configured for invite-only sign-up rejects the same request with an error response and no token. Two practical points: a successful probe creates a real account on the target, so the generated email should be recorded and the account removed afterwards, and a rejection is not on its own proof that sign-up is closed, since the instance may also reject a password that fails its policy. Only the presence of a token in a successful response is treated as confirmation.
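The check described above, written out as an added example in Python. This is not the scanner's own code and not NocoDB code; it runs against a constructed mock server (`make_mock_server`) that imitates the two behaviours of interest, an instance that hands out a JWT-shaped token on sign-up and one that refuses with an error. The signup path and the `token` response key come from the description above; the rejection message in the mock and the `example.com` mailbox are assumptions used only for illustration.

```python
import json
import re
import secrets
import string
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SIGNUP_PATH = "/api/v1/auth/user/signup"
# Three base64url segments separated by dots: the shape of a compact JWT.
JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")


def random_credentials():
    """Throwaway credentials; the email is returned so the account can be cleaned up."""
    alphabet = string.ascii_lowercase + string.digits
    user = "".join(secrets.choice(alphabet) for _ in range(10))
    # Long, mixed password so a policy rejection does not masquerade as invite-only.
    password = secrets.token_urlsafe(16) + "A1!"
    return f"{user}@example.com", password   # example.com is an assumed mailbox


def classify(status, body):
    """Turn a signup response into a verdict: 'open', 'rejected' or 'unknown'.
    Only a 2xx carrying a JWT-shaped 'token' counts as proof of open sign-up."""
    try:
        data = json.loads(body)
    except ValueError:
        return "unknown"
    token = data.get("token") if isinstance(data, dict) else None
    if 200 <= status < 300 and isinstance(token, str) and JWT_RE.match(token):
        return "open"
    if status in (400, 401, 403):
        # Refused. Could be invite-only, could be a password-policy error.
        return "rejected"
    return "unknown"


def probe_signup(base_url, timeout=10):
    """POST random credentials to the signup endpoint and classify the answer.
    Returns (verdict, email); keep the email to delete the account if 'open'."""
    email, password = random_credentials()
    req = urllib.request.Request(
        base_url.rstrip("/") + SIGNUP_PATH,
        data=json.dumps({"email": email, "password": password}).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read().decode(errors="replace")
    except urllib.error.URLError:
        return "unknown", email
    return classify(status, body), email


def make_mock_server(mode):
    """Constructed stand-in for a NocoDB instance (not NocoDB code).
    mode='open' answers sign-ups with a token; mode='invite_only' refuses them."""
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            payload = json.loads(self.rfile.read(length) or b"{}")
            if self.path != SIGNUP_PATH or "email" not in payload:
                self._reply(404, {"msg": "not found"})
            elif mode == "open":
                # Header/payload/signature segments; the content is a placeholder.
                self._reply(200, {"token": "eyJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6InUifQ.c2ln"})
            else:
                # Message modelled on an invite-only rejection; illustrative only.
                self._reply(400, {"msg": "Not allowed to signup, contact super admin."})

        def _reply(self, status, obj):
            body = json.dumps(obj).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # silence request logging
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe_signup(sys.argv[1]))       # real target, e.g. https://nocodb.example
    else:
        for mode in ("open", "invite_only"):   # offline demonstration against the mock
            srv, url = make_mock_server(mode)
            print(mode, "->", probe_signup(url))
            srv.shutdown()
            srv.server_close()
```

Run with a base URL to probe a real instance, or without arguments to exercise the mock. The verdict deliberately separates "rejected" from "open" rather than reporting "closed": a 400 from a password-policy check looks the same on the wire as an invite-only refusal, so the scanner claims a finding only on a token.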
Exploiting open user registration can lead to unauthorized database access and data leakage. A malicious user can create one or many accounts, explore whatever bases, views and API endpoints an authenticated user can reach, and use that foothold to look for privilege escalation or other application flaws that are only exposed to logged-in users. The data an attacker can read or export may include business records and intellectual property, and mass registration also consumes resources and pollutes the user directory. Organizations should assess these risks and restrict sign-up on any instance that does not need it.