Sensitive Data: OpenSearch Dashboard - Default Login¶
Identifier:
opensearch_dashboard_default_login
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
OpenSearch Dashboard may be accessible with default credentials, allowing unauthorized access to search analytics, visualization dashboards, and administrative functions.
How we test: We attempt to authenticate to the OpenSearch Dashboard interface using common default username and password combinations such as admin:admin. If authentication succeeds, we report the vulnerability.
Reference:
- https://opensearch.org/docs/latest/security/access-control/users-roles/
- https://github.com/opensearch-project/OpenSearch-Dashboards
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.