Sensitive Data: RabbitMQ Default Login¶

Identifier: rabbitmq_default_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

RabbitMQ message broker may be accessible with default admin credentials, allowing unauthorized access to queue management, message routing, and administrative functions.

How we test: We attempt to authenticate to the RabbitMQ management interface using common default username and password combinations. If authentication succeeds, we report the vulnerability.

Reference:

https://onlinehelp.coveo.com/en/ces/7.0/administrator/changing_the_rabbitmq_administrator_password.htm

Configuration¶

Example¶

Example configuration:

---
security_tests:
  rabbitmq_default_login:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.