Sensitive Data: Apache Dubbo - Default Admin Discovery¶

Identifier: dubbo_admin_default_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Apache Dubbo service framework admin interface may be accessible with default credentials, allowing unauthorized access to service registry, configuration, and administrative functions.

How we test: We attempt to authenticate to the Apache Dubbo admin interface using common default username and password combinations. If authentication succeeds, we report the vulnerability.

Reference:

https://www.cnblogs.com/wishwzp/p/9438658.html

Configuration¶

Example¶

Example configuration:

---
security_tests:
  dubbo_admin_default_login:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.