Alert Manager - Unauthenticated Access

By kannthu

High
Vidoc Module
#unauth #alertmanager
Description

What is "Alert Manager - Unauthenticated Access"?

The "Alert Manager - Unauthenticated Access" module is designed to detect a misconfiguration in the Alert Manager software. Alert Manager is a tool used for managing and handling alerts sent by various monitoring systems. This module specifically targets instances of Alert Manager that allow access without requiring any authentication. The severity of this misconfiguration is classified as high, indicating the potential for unauthorized access to sensitive information.

This module was authored by dhiyaneshDK.

Impact

If the Alert Manager is accessible without authentication, it poses a significant security risk. Unauthorized individuals could potentially gain access to sensitive alerts and manipulate or delete them. This could lead to the disruption of monitoring systems and the loss of critical information, impacting the overall security and reliability of the system.

How does the module work?

The "Alert Manager - Unauthenticated Access" module works by sending an HTTP GET request to the "/#/alerts" path of the target Alert Manager instance. It then applies two matching conditions to determine if the misconfiguration is present:

- Matcher 1: It checks if the response body contains the HTML title tag "<title>Alertmanager</title>". This indicates that the Alert Manager interface is accessible.
- Matcher 2: It verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports a vulnerability, indicating that the Alert Manager is accessible without authentication.

It is important to address this misconfiguration by implementing proper authentication mechanisms to protect the Alert Manager and prevent unauthorized access.
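
The two matchers described above, as an added Python example (not the Vidoc module's own code) for checking an Alertmanager instance you operate. The function names, the no-redirect handling, the placeholder URL and the sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request

TITLE_MARKER = "<title>Alertmanager</title>"  # word matcher from the module

def evaluate(status, body):
    """Apply both matchers; a finding needs the word AND the status."""
    word, ok = TITLE_MARKER in body, status == 200
    return {"word": word, "status": ok, "exposed": word and ok}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface a 302 to a login page as a 302 instead of following it."""
    def redirect_request(self, *args, **kwargs):
        return None

def fetch(base_url, timeout=5.0):
    """Credential-less GET against an instance you operate.
    urllib strips the '#/alerts' fragment before sending the request."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + "/#/alerts", timeout=timeout) as r:
            return r.status, r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:  # 3xx, 401, 403, ...
        return e.code, e.read(65536).decode("utf-8", "replace")

# Constructed responses (not captured from any real host).
SAMPLES = {
    "open UI": (200, "<html><head><title>Alertmanager</title></head></html>"),
    "proxy basic auth": (401, "401 Authorization Required"),
    "SSO redirect": (302, ""),
    "login page": (200, "<html><head><title>Sign in</title></head></html>"),
}

def audit(responses):
    """Return the names whose response satisfies both matchers."""
    return [n for n, (s, b) in responses.items() if evaluate(s, b)["exposed"]]

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name:18} {evaluate(status, body)}")
    # Live check of your own deployment (placeholder URL):
    # print(evaluate(*fetch("http://alertmanager.internal.example:9093")))
```

Only the "open UI" sample satisfies both conditions; a 401 or 302 from a fronting proxy, or a 200 that serves a login page, does not.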

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /#/alerts
Matching conditions
word: <title>Alertmanager</title> and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability