S4E

SonarQube Default Login Scanner

This scanner detects the use of SonarQube in digital assets. It helps identify instances where SonarQube may be vulnerable due to default login credentials.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 23 days 18 hours
Scan only one: Domain, IPv4
Toolbox: -

SonarQube is widely used by development teams and software houses to ensure code quality through static code analysis. It is implemented in various programming environments to measure technical debt and maintain code standards. Companies integrate SonarQube within their continuous integration pipelines to facilitate automated code review. Being an open-source tool, it supports different languages and can be extended with custom rules. SonarQube is used by anyone from small teams to large enterprises who are focused on maintaining clean code. Its integration capabilities with other DevOps tools make it indispensable in modern software development cycles.

The vulnerability detected in this case involves default login credentials being present in a SonarQube installation. Often, when SonarQube is set up initially, default credentials for admin access remain unchanged. This presents a considerable security risk as it allows unauthorized users to access admin features. Failure to change these default credentials can lead to unauthorized access to sensitive information and configuration settings. The issue is prevalent among installations that have not been properly hardened post-deployment. This vulnerability emphasizes the need for immediate credential management upon installation to avoid exploitation.

Technically, this vulnerability arises because a default SonarQube installation ships with predefined administrative login credentials. The susceptible endpoint is the login interface, typically found at /api/authentication/login. The parameters involved are the usual username and password fields, where common defaults such as 'admin' for both are tried. A successful login is detected by analyzing the server's response to the attempt. Because such login attempts are usually not checked, the attack is feasible and typically stealthy, often going unnoticed until damage is done.
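A post-deployment hardening check that an asset owner can run against their own instance, added here as an example (not S4E's scanner code): it sends the factory defaults named above to the login endpoint and reads the response status the way the paragraph describes. The form field names `login` and `password`, the 200/401 status semantics, and the placeholder hostnames are assumptions.

```python
import sys
import urllib.error
import urllib.parse
import urllib.request

# SonarQube's factory default administrator credentials (from the page).
DEFAULT_CREDENTIALS = ("admin", "admin")
LOGIN_PATH = "/api/authentication/login"


def build_login_request(base_url: str) -> urllib.request.Request:
    """Build the POST the stock login endpoint expects: form fields
    `login` and `password` (assumed field names, matching SonarQube's API)."""
    login, password = DEFAULT_CREDENTIALS
    body = urllib.parse.urlencode({"login": login, "password": password}).encode()
    url = base_url.rstrip("/") + LOGIN_PATH
    return urllib.request.Request(url, data=body, method="POST")


def classify_login_response(status: int) -> str:
    """Map the HTTP status of the attempt to a finding.
    200: credentials accepted, i.e. the instance still uses the defaults.
    401: rejected, the expected state after hardening.
    Anything else: not behaving like a SonarQube login endpoint."""
    if status == 200:
        return "default-credentials-accepted"
    if status == 401:
        return "default-credentials-rejected"
    return "inconclusive"


def check_default_login(base_url: str, timeout: float = 10.0) -> str:
    """Run the check against one instance and return the finding label."""
    req = build_login_request(base_url)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_login_response(resp.status)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return classify_login_response(err.code)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:9000"
    verdict = check_default_login(target)
    print(f"{target}: {verdict}")
    # Remediation when accepted: rotate the admin password (web UI, or
    # POST /api/users/change_password) before exposing the instance.
    sys.exit(1 if verdict == "default-credentials-accepted" else 0)
```

A non-zero exit code makes the check usable as a gate in a deployment pipeline, so a freshly provisioned instance cannot go live while the default password is still accepted.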

Exploiting this vulnerability could allow attackers to gain full admin control over the SonarQube instance. This can lead to exposure of sensitive data, unauthorized code review changes, and manipulation or deletion of code quality reports. Furthermore, attackers can inject malicious code and manipulate software being developed, ultimately compromising not only the code but the reputation of the organization. In more serious cases, this can escalate to broader network breaches if the SonarQube instance is on the same network as other critical systems.
