Skip to content

Sensitive Data: Apache Doris - Default Login

Identifier: doris_default_login

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Apache Doris analytics database management interface may be accessible with default credentials, allowing unauthorized access to database queries, table definitions, and administrative functions.

How we test: We attempt to authenticate to the Apache Doris Panel interface using common default username and password combinations, including root/admin user accounts. If authentication succeeds, we report the vulnerability.

Configuration

Example

Example configuration:

---
security_tests:
  doris_default_login:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.