Sensitive Data: Apache Tomcat - Default Login Discovery¶

Identifier: tomcat_examples_login

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Apache Tomcat versions 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64, and 8.5.50 to 8.5.81 are vulnerable to default login credential authentication, potentially allowing unauthorized access.

How we test: We test for default Apache Tomcat login credentials by attempting to authenticate using known default credentials and analyzing responses to detect if default credentials are still in use.

Reference:

https://c0nqr0r.github.io/CVE-2022-34305/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  tomcat_examples_login:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.