Sensitive Data: Apache Apisix Admin - Default Login¶

Identifier: apisix_default_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Apache Apisix Admin interface may be accessible with default credentials, allowing unauthorized access to administrative functions and potentially exposing sensitive configuration data.

How we test: We attempt to authenticate to the Apache Apisix admin login endpoint using common default username and password combinations. If authentication succeeds, we report the vulnerability.

Reference:

https://apisix.apache.org/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  apisix_default_login:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.