Apache Airflow Admin Login Panel

What is the "Apache Airflow Admin Login Panel?"

The Apache Airflow Admin Login Panel module is designed to detect the presence of an admin login panel in Apache Airflow. Apache Airflow is an open-source platform used for orchestrating and scheduling workflows. This module focuses on identifying potential misconfigurations or vulnerabilities related to the admin login panel.

This module has an informative severity level, which means it provides valuable information but does not indicate an immediate security threat.

Author: pdteam

Impact

The presence of an admin login panel in Apache Airflow can potentially expose sensitive information or allow unauthorized access to the system. It is important to ensure that the admin login panel is properly secured to prevent any potential security risks.

How does the module work?

The module sends HTTP requests to specific paths ("/login/" and "/admin/airflow/login") in Apache Airflow. It then applies matching conditions to determine if the admin login panel is present.

An example of a matching condition is checking for specific words in the response, such as "Airflow - Login" or "Sign In - Airflow". Additionally, the module verifies that the response status is 200 (OK).

By analyzing the responses and matching conditions, the module can identify the presence of the Apache Airflow admin login panel.

For more information about securing the Apache Airflow webserver, refer to the official documentation.