Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Alert Manager - Unauthenticated Access" module is designed to detect a misconfiguration in the Alert Manager software. Alert Manager is a tool used for managing and handling alerts sent by various monitoring systems. This module specifically targets instances of Alert Manager that allow access without requiring any authentication. The severity of this misconfiguration is classified as high, indicating the potential for unauthorized access to sensitive information.
This module was authored by dhiyaneshDK.
If the Alert Manager is accessible without authentication, it poses a significant security risk. Unauthorized individuals could potentially gain access to sensitive alerts and manipulate or delete them. This could lead to the disruption of monitoring systems and the loss of critical information, impacting the overall security and reliability of the system.
The "Alert Manager - Unauthenticated Access" module works by sending an HTTP GET request to the "/#/alerts" path of the target Alert Manager instance. It then applies two matching conditions to determine if the misconfiguration is present:
- Matcher 1: It checks if the response body contains the HTML title tag "<title>Alertmanager</title>
". This indicates that the Alert Manager interface is accessible.
- Matcher 2: It verifies that the HTTP response status code is 200, indicating a successful request.
If both matching conditions are met, the module reports a vulnerability, indicating that the Alert Manager is accessible without authentication.
It is important to address this misconfiguration by implementing proper authentication mechanisms to protect the Alert Manager and prevent unauthorized access.