PhotoPrism Default Login Scanner
This scanner detects the use of PhotoPrism in digital assets. It checks for instances using default credentials to improve security.
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 4 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
PhotoPrism is an AI-powered photos app designed to decentralize the web. Photographers and organizations use it to manage and organize photos effectively. Known for its AI capabilities, PhotoPrism can automatically tag photos, which makes searching much more efficient. It is deployed on personal servers, so users keep control over their image collections. PhotoPrism supports a wide array of image formats and includes features such as facial recognition and duplicate detection. The application is pivotal for photographers who need a robust tool for managing extensive photo libraries.
The scanner detects default login credentials used by PhotoPrism. These credentials pose a significant security risk if unchanged, possibly allowing unauthorized individuals to access the PhotoPrism instance. Detecting default logins is crucial because it helps prevent unauthorized data access and potential data loss. The impact of such vulnerabilities is critical, as it can compromise personal or organizational data managed by the app. Affected users may inadvertently expose sensitive image collections to potential attackers if their default credentials are not updated. Regular checks for such vulnerabilities are essential to maintain adequate security standards.
Detection sends a raw HTTP POST request to "/api/v1/session" to identify instances where the default credentials "admin:admin321" are accepted. The check looks for valid access tokens in the response, which confirms successful authentication. If the service returns a 200 status and the response contains the necessary elements, the scanner confirms that default credentials are in use. This gives a reliable and efficient way to identify weak points in user access and to pinpoint configurations that pose a security risk.
If exploited, default credentials could provide attackers full administrative access to the PhotoPrism instance. This level of access allows attackers to manipulate, download, or delete the stored photos with potentially disastrous effects on personal or business assets. In addition to data loss, it can damage trust and lead to penalties if sensitive images are exposed. The breach might become a gateway for further exploitation, such as launching additional attacks from the compromised server. Remediating these vulnerabilities quickly is essential to prevent potential long-term harm.
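The same condition can be checked from the deployment side before an instance is ever exposed. The following is an added example, not part of the original page or the scanner's own code: it audits Docker Compose or env-file text for the admin password and flags the default value the scanner tests for. It assumes the instance is configured through the `PHOTOPRISM_ADMIN_PASSWORD` environment variable; the placeholder list, the length threshold and both sample inputs are constructed for illustration.

```python
import re

# Default password the scanner described above tests for (taken from the page).
SCANNER_DEFAULT = "admin321"
# Assumption: other placeholder values that tend to survive from sample configs.
PLACEHOLDERS = {"admin", "password", "insecure", "changeme", "photoprism"}
MIN_LENGTH = 12  # assumption: local policy threshold, adjust as needed

# Matches both Compose styles:  KEY: "value"   and   - KEY=value
_ENV_LINE = re.compile(r"^\s*-?\s*PHOTOPRISM_ADMIN_PASSWORD\s*[:=]\s*(.*?)\s*$")

def _unquote(value):
    """Strip surrounding quotes, or a trailing inline comment if unquoted."""
    if value[:1] in ("'", '"'):
        end = value.find(value[0], 1)
        if end != -1:
            return value[1:end]
    return value.split(" #", 1)[0].strip()

def audit_compose(text):
    """Return a verdict for the admin password found in Compose/env text."""
    password = None
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings do not count
        match = _ENV_LINE.match(line)
        if match:
            password = _unquote(match.group(1))  # last definition wins
    if not password:
        return "not-set"
    if password == SCANNER_DEFAULT:
        return "default-password"
    if password.lower() in PLACEHOLDERS:
        return "placeholder-password"
    if len(password) < MIN_LENGTH:
        return "short-password"
    return "ok"

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_DEFAULT = """\
services:
  photoprism:
    environment:
      PHOTOPRISM_ADMIN_PASSWORD: "admin321"   # never changed after install
"""
SAMPLE_HARDENED = """\
    environment:
      - PHOTOPRISM_ADMIN_PASSWORD=Xq7-constructed-example-9fLm
"""

if __name__ == "__main__":
    print(audit_compose(SAMPLE_DEFAULT), audit_compose(SAMPLE_HARDENED))
```

A "not-set" verdict means only that the file defines no password; the value may be supplied elsewhere and should be checked there.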