Sensitive Data: Apache Ranger - Default Login¶

Identifier: ranger_default_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

Apache Ranger contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.

Reference:

https://github.com/apache/ranger

Configuration¶

Example¶

Example configuration:

---
security_tests:
  ranger_default_login:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.