OpenMetadata Default Login Scanner

This scanner detects the use of OpenMetadata in digital assets. It focuses on identifying default login credentials that could allow unauthorized access.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 2 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The OpenMetadata software is widely used by data-focused teams for metadata management and governance. It facilitates the management of metadata in a centralized, easy-to-use platform, allowing large organizations to effectively manage their data catalogs. Users include data analysts, data scientists, and data engineers who rely on it to gain insights and maintain compliance. The software supports various integrations with other data platforms and is often deployed across corporate networks to streamline data operations. Companies use OpenMetadata to ensure consistency and accuracy in the use of their data assets, enabling efficient collaboration and decision-making. Regular updates and active community support are available to users to enhance the functionality of OpenMetadata continuously.

The default login vulnerability pertains to the presence of factory-set administrative credentials in OpenMetadata. This scanner's purpose is to identify instances where the default admin credentials are still enabled, which can pose a security risk. Such issues arise when administrators neglect to change default settings upon installation. If left unaddressed, malicious users could exploit these credentials to gain unauthorized access to the system. Identifying and alerting administrators about the presence of default credentials is crucial for maintaining system security. The scanner relies on targeted detection techniques to assess whether the default login is enabled and accessible.

The detection process involves probing the login interface of OpenMetadata deployments. This is typically achieved by sending a POST request to the login API with preset default credentials. The scanner checks for specific tokens in the response body, such as "accessToken", "refreshToken", and "expiryDuration", to verify successful authentication. It also checks that the content type of the response is 'application/json' and that the HTTP status code returned is 200, indicating a successful login. The presence of these indicators suggests that default credentials are in use, triggering an alert for potential security misconfiguration. This technical approach allows for early detection and remediation.
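The response check described above, sketched as an added example (not the scanner's own code): it evaluates an already-captured login response against the three conditions. The function name, the sample responses and the choice to parse the JSON body rather than match substrings are assumptions of this example.

```python
import json

# Response-body fields the scanner description above names as indicators.
TOKEN_KEYS = ("accessToken", "refreshToken", "expiryDuration")


def evaluate_login_response(status, headers, body):
    """Return (matched, reasons); matched only if every condition holds."""
    reasons = []
    if status != 200:
        reasons.append(f"status {status} is not 200")

    # Header names are case-insensitive; the value may carry a charset.
    ctype = ""
    for name, value in headers.items():
        if name.lower() == "content-type":
            ctype = value.split(";", 1)[0].strip().lower()
    if ctype != "application/json":
        reasons.append(f"content type '{ctype}' is not application/json")

    # Assumption of this example: parse the JSON instead of substring
    # matching, so text that merely mentions a key name does not match.
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        doc = None
    if not isinstance(doc, dict):
        reasons.append("body is not a JSON object")
    else:
        missing = [k for k in TOKEN_KEYS if k not in doc]
        if missing:
            reasons.append("missing fields: " + ", ".join(missing))
    return (not reasons, reasons)


# Constructed sample responses, not captured from a real deployment.
SAMPLES = {
    "login accepted": (200, {"Content-Type": "application/json; charset=utf-8"},
        '{"accessToken": "x", "refreshToken": "y", "expiryDuration": 3600}'),
    "login rejected": (401, {"content-type": "application/json"},
        '{"code": 401, "message": "rejected"}'),
    "html page": (200, {"Content-Type": "text/html"},
        "<html>accessToken refreshToken expiryDuration</html>"),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, evaluate_login_response(*sample))
```

The returned reasons list shows which condition failed, which helps when triaging a finding as a true or false positive.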

When exploited, the default login vulnerability could lead to unauthorized access to sensitive metadata and proprietary information. Malicious actors with access could perform actions such as data modification, metadata deletion, or unauthorized configuration changes. Furthermore, any breach could result in wider network exposure and heightened risks of data exfiltration, impacting business operations and compliance. Failure to secure admin credentials might also lead to reputational damage for the organizations involved. Proactively addressing this vulnerability is essential to prevent malicious activities and to protect an organization's data assets.
