Access Control: IoTaWatt Configuration App Exposure

Identifier: iotawatt_app_exposure

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Unauthenticated access to IoTaWatt configuration apps could give attackers the means to upload data to third-party energy websites or databases, potentially compromising energy monitoring systems.

How we test: We test for exposed IoTaWatt configuration apps by attempting to access configuration interfaces without authentication and analyzing responses to detect if unauthenticated access is possible.

Reference:

Configuration

Example

Example configuration:

---
security_tests:
  iotawatt_app_exposure:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.