SonarQube Default Login Scanner
This scanner detects SonarQube instances exposed on the assets being scanned and checks whether they still accept the factory-default administrator credentials.
Short Info
Level: High
Single Scan: Yes
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 23 days 18 hours
Scan only one: Domain, IPv4
Toolbox: -
SonarQube is widely used by development teams and software houses to enforce code quality through static analysis. It measures technical debt and checks code against a rule set across many programming languages, and companies typically wire it into their continuous integration pipelines so that every change gets an automated code review. An open-source Community edition is available, and the tool can be extended with custom rules and plugins. Its users range from small teams to large enterprises, and its integrations with other DevOps tooling make it a fixture of modern software delivery.
The vulnerability detected here is a SonarQube installation that still accepts its default login credentials. When SonarQube is first set up, the built-in administrator account comes with a well-known default password, and in many deployments that password is never changed. This is a considerable security risk, since anyone who can reach the login page can obtain administrative access to project data, user management and server configuration. The issue is prevalent in installations that were never hardened after deployment, and it underlines the need to rotate the default credentials as the very first step after installation.
Technically, the vulnerability arises because a fresh SonarQube installation ships with a predefined administrative account and password. The affected endpoint is the login interface, normally found at /api/authentication/login, which accepts the usual username and password fields; an attacker simply submits well-known defaults such as 'admin' for both. Success is determined from the server's response to the login attempt: an accepted login is answered differently from a rejected one, so a single request is enough to tell whether the default password is still in place. Because the login endpoint must be reachable without prior authentication, the attempt is cheap and quiet, and it usually goes unnoticed until the access has already been abused.
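The check described above, written out as an added example (this is not the scanner's own code, and it assumes SonarQube's documented web API: a form POST of `login` and `password` to `/api/authentication/login` that answers 200 on success and 401 on failure, and a follow-up GET of `/api/users/current`, whose JSON carries `isLoggedIn` and `login`, to confirm that the cookie issued by the login actually belongs to the administrator account). The host name and the `FakeSonarQube` stand-in are constructed for the demonstration; HTTP goes through an injectable transport so the logic can be exercised offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

# SonarQube ships with one built-in administrator account and this password.
DEFAULT_CREDENTIALS = (("admin", "admin"),)


class UrllibTransport:
    """Real HTTP transport. One cookie jar per instance, so the JWT cookie set
    by /api/authentication/login is replayed on the confirmation request."""

    def __init__(self, timeout=10):
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(CookieJar()))
        self.timeout = timeout

    def request(self, method, url, form=None):
        data = urllib.parse.urlencode(form).encode() if form is not None else None
        req = urllib.request.Request(url, data=data, method=method)
        try:
            with self.opener.open(req, timeout=self.timeout) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:   # 401 etc. arrive as exceptions
            return err.code, err.read().decode("utf-8", "replace")


def try_login(transport, base_url, login, password):
    """True only if the login POST succeeds AND the resulting session is
    reported as the expected user. The second step guards against portals
    or reverse proxies that answer 200 to any POST."""
    base = base_url.rstrip("/")
    status, _ = transport.request("POST", f"{base}/api/authentication/login",
                                  {"login": login, "password": password})
    if status != 200:
        return False
    status, body = transport.request("GET", f"{base}/api/users/current")
    if status != 200:
        return False
    try:
        me = json.loads(body)
    except ValueError:
        return False
    return me.get("isLoggedIn") is True and me.get("login") == login


def find_default_credentials(base_url, transport_factory=UrllibTransport):
    """Return the first working (login, password) pair, or None.
    A fresh transport per attempt keeps one try's cookies out of the next."""
    for login, password in DEFAULT_CREDENTIALS:
        if try_login(transport_factory(), base_url, login, password):
            return (login, password)
    return None


class FakeSonarQube:
    """Constructed stand-in for a server (not a real capture): accepts exactly
    one admin password and remembers whether a session was established."""

    def __init__(self, admin_password):
        self.admin_password = admin_password
        self.logged_in = False

    def request(self, method, url, form=None):
        if method == "POST" and url.endswith("/api/authentication/login"):
            self.logged_in = (form.get("login") == "admin"
                              and form.get("password") == self.admin_password)
            return (200, "") if self.logged_in else (401, "")
        if method == "GET" and url.endswith("/api/users/current"):
            return 200, json.dumps({"isLoggedIn": self.logged_in,
                                    "login": "admin" if self.logged_in else None})
        return 404, ""


if __name__ == "__main__":
    target = "http://sonar.example:9000"          # hypothetical host
    print("unhardened:", find_default_credentials(target, lambda: FakeSonarQube("admin")))
    print("hardened:  ", find_default_credentials(target, lambda: FakeSonarQube("n0t-the-default")))
```

Against a live instance, pass the target's base URL and leave `transport_factory` at its default so the real `UrllibTransport` is used; only run this against systems you are authorised to test. The remediation is the same in every case: change the administrator password (and disable or rename any other built-in accounts) immediately after installation.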
Exploiting this vulnerability gives an attacker full administrative control of the SonarQube instance. That control exposes sensitive data such as source code excerpts and issue details, allows code review findings to be altered, and lets quality reports be manipulated or deleted. An administrator can also reconfigure webhooks, quality gates and plugins that feed the build pipeline, and so influence the software being developed, compromising not only the code but the organisation's reputation. In more serious cases the foothold can escalate to a broader network breach when the SonarQube host sits on the same network as other critical systems.