Sensitive Data: Apache Kylin Console - Default Login
Identifier: `kylin_default_login`
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Apache Kylin, an OLAP analytics platform, may be accessible with default credentials, which allows unauthorized access to analytics queries, cube definitions, and administrative functions.
How we test: We attempt to authenticate to the Apache Kylin Console using common default username and password combinations, including the ADMIN user with password KYLIN in versions before 3.0.0. If authentication succeeds, we report the vulnerability.
Reference:
- https://github.com/hanc00l/pocGoby2Xray/blob/main/xraypoc/Apache_Kylin_Console_Default_password.yml
- https://github.com/Wker666/Demo/blob/main/script/%E6%BC%8F%E6%B4%9E%E6%8E%A2%E6%B5%8B/Kylin/Apache%20Kylin%20Console%20%E6%8E%A7%E5%88%B6%E5%8F%B0%E5%BC%B1%E5%8F%A3%E4%BB%A4.wker
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.