PhotoPrism Default Login Scanner

This scanner detects the use of PhotoPrism in digital assets. It checks for instances using default credentials to improve security.

Short Info

Level: High

Single Scan: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 seconds

Time Interval: 25 days 4 hours

Scan only one: Domain, Subdomain, IPv4

Toolbox: -

PhotoPrism is an AI-powered photos app designed to decentralize the web. Photographers and organizations use it to manage and organize photos effectively. Known for its AI capabilities, PhotoPrism can automatically tag photos, which makes searching much more efficient. It is deployed on personal servers, so users keep control over their image collections. PhotoPrism supports a wide array of image formats and includes features like facial recognition and duplicate detection. The application is pivotal for photographers who need a robust tool for managing extensive photo libraries.

The scanner detects default login credentials used by PhotoPrism. These credentials pose a significant security risk if unchanged, possibly allowing unauthorized individuals to access the PhotoPrism instance. Detecting default logins is crucial because it helps prevent unauthorized data access and potential data loss. The impact of such vulnerabilities is critical, as it can compromise personal or organizational data managed by the app. Affected users may inadvertently expose sensitive image collections to potential attackers if their default credentials are not updated. Regular checks for such vulnerabilities are essential to maintain adequate security standards.

Detection works by sending an HTTP POST request to "/api/v1/session" to identify instances where the default credentials "admin:admin321" are accepted. The scanner then checks whether valid access tokens are returned, which confirms successful authentication. If the service returns a 200 status and the response contains the necessary elements, the scanner confirms that default credentials are in use. The request is sent as a raw HTTP request. This gives a reliable way to pinpoint configurations whose user access settings pose a security risk.
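The confirmation step described above, written as an added example (it is not the scanner's own code): a matcher that decides from a captured response whether the login really succeeded, so a 200 from a catch-all page or an empty token is not reported as a finding. The token field names and the sample responses are assumptions constructed for illustration; the page does not name the response fields.

```python
import json

# Assumption: JSON fields that may carry the session token. The page only says
# "valid access tokens are returned" and does not name them.
TOKEN_FIELDS = ("access_token", "id")


def default_login_accepted(status, content_type, body, token_fields=TOKEN_FIELDS):
    """Return (verdict, reason) for one captured response to the session POST."""
    if status != 200:
        return False, f"status {status}: login rejected or endpoint absent"
    if "json" not in content_type.lower():
        return False, "200 but not JSON (catch-all page or proxy in front)"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "200 but body is not valid JSON"
    if not isinstance(doc, dict):
        return False, "200 but JSON is not an object"
    for field in token_fields:
        value = doc.get(field)
        if isinstance(value, str) and value.strip():
            return True, f"non-empty token in '{field}'"
    return False, "200 JSON without a session token"


# Constructed sample responses: (status, Content-Type, body).
SAMPLES = {
    "accepted": (200, "application/json",
                 '{"access_token": "EXAMPLE-TOKEN", "user": {"name": "admin"}}'),
    "rejected": (401, "application/json", '{"error": "Invalid credentials"}'),
    "catch_all": (200, "text/html", "<html><title>Welcome</title></html>"),
    "empty_token": (200, "application/json", '{"access_token": ""}'),
    "truncated": (200, "application/json", '{"access_token": "EXA'),
}


def triage(samples=SAMPLES):
    """Map each sample name to True only when default credentials were accepted."""
    return {name: default_login_accepted(*resp)[0] for name, resp in samples.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, default_login_accepted(*resp))
```

Only the first sample counts as a finding; the other four are the cases where matching on the status code alone would produce a false positive or miss a rejection.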

If exploited, default credentials could give attackers full administrative access to the PhotoPrism instance. This level of access allows attackers to manipulate, download, or delete the stored photos, with potentially disastrous effects on personal or business assets. In addition to data loss, it can damage trust and lead to penalties if sensitive images are exposed. The breach might become a gateway for further exploitation, such as launching additional attacks from the compromised server. Remediating these vulnerabilities quickly is essential to prevent potential long-term harm.
