Yacht Default Login Scanner

This scanner detects the use of Yacht in digital assets, specifically focusing on default admin credentials. Identifying such configurations can prevent unauthorized access to the Docker environment managed by Yacht.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

18 days 21 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

Yacht is a web interface used by developers and system administrators for managing Docker containers efficiently. It allows users to manage, view, and deploy Docker containers through an intuitive web interface. Yacht provides a centralized platform for container management, making it easier for teams to orchestrate Docker environments. It is typically used in environments where Docker containers need streamlined management, such as development, testing, and production settings. Users can quickly deploy and remove containers, manage Docker images, and monitor container performance. Despite its utility, it can pose a security risk if misconfigured, particularly with default credentials.

The scanner is designed to identify default login vulnerabilities within the Yacht interface. Default credentials present a significant risk as they may allow unauthorized users to access sensitive container environments. By detecting this vulnerability, system administrators can secure their Docker environments against unauthorized access. The scanner checks for known default credentials which could compromise the integrity of the system. Using default admin credentials such as “[email protected]:pass” is a common misconfiguration that leads to a security hole. Detection of such weaknesses can prompt timely corrective measures to protect data and system integrity.

The scanner works by sending HTTP POST requests to the Yacht login API endpoint with default admin credentials. The target endpoint is "/api/auth/login" which processes login attempts. If the response contains specific markers such as an access token or success message in JSON format, the instance is flagged as vulnerable. The scanner looks for a status code of 200 with JSON content type indicating successful access with default credentials. Such a successful match indicates that the default credentials are still active, leading to potential security breaches. Properly identifying these endpoints and conditions allows administrators to rectify the issue and bolster security defenses.

If exploited, the default login vulnerability in the Yacht interface can lead to unauthorized access to Docker containers and the host system. Malicious actors can manipulate container configurations, leading to unintended deployments or service disruptions. Data within or accessible by containers could be exposed or exfiltrated, negatively impacting data privacy and confidentiality. Furthermore, it opens the avenue for attackers to launch further assaults on the host system itself. Such breaches could escalate to full system hijack or misuse of computing resources, making rectification imperative for maintaining system security.

REFERENCES

Get started to protecting your digital assets