Apache Druid Unauth

By kannthu

Low
Vidoc Module
#misconfig #druid #unauth #apache
Description

What is "Apache Druid Unauth"?

The "Apache Druid Unauth" module detects a misconfiguration in Apache Druid, a high-performance, real-time analytics database used for handling large amounts of data. The module checks whether a Druid instance can be accessed without authentication.

This module has a severity level of low, indicating that the detected misconfigurations may have a limited impact on the security of the system.

Impact

If Apache Druid is misconfigured and allows unauthenticated access, it can expose sensitive data and let unauthorized users perform actions on the system. This can lead to data breaches and other security risks.

How does the module work?

The "Apache Druid Unauth" module works by sending a GET request to the "/unified-console.html" path of the target system. It then applies matching conditions to determine if the Apache Druid software is present and accessible without authentication.

The matching conditions used by this module are:

- Title Matcher: The module checks if the response HTML contains the "<title>Apache Druid</title>" tag, indicating the presence of the Apache Druid software.
- Status Matcher: The module checks if the response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports a vulnerability, indicating that the Apache Druid software is misconfigured and accessible without authentication.
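The same two-condition check can be run against your own Druid inventory. The sketch below is an added example, not Vidoc's module code; the function names, the hostnames and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

CONSOLE_PATH = "/unified-console.html"        # path the module requests
TITLE_MARKER = "<title>Apache Druid</title>"  # word matcher from the module


def matches(status, body):
    """Both conditions must hold: status 200 AND the title marker in the HTML."""
    return status == 200 and TITLE_MARKER in body


def fetch_console(base_url, timeout=5.0):
    """GET the console path with no credentials; return (status, body)."""
    url = base_url.rstrip("/") + CONSOLE_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 401/403/404 arrive as exceptions
        return err.code, err.read().decode("utf-8", "replace")


def audit(base_urls, fetch=fetch_console):
    """Return the base URLs whose console answers without authentication."""
    exposed = []
    for base in base_urls:
        try:
            status, body = fetch(base)
        except OSError:  # unreachable host, timeout, TLS failure
            continue
        if matches(status, body):
            exposed.append(base)
    return exposed


# Constructed responses standing in for three hosts in your own inventory.
SAMPLE = {
    "http://druid-a.internal.example": (200, "<html><head><title>Apache Druid</title></head></html>"),
    "http://druid-b.internal.example": (401, "Unauthorized"),
    "http://other.internal.example": (200, "<html><title>Sign in</title></html>"),
}

if __name__ == "__main__":
    # Offline run over the constructed responses; drop fetch= to query real hosts.
    print(audit(SAMPLE, fetch=SAMPLE.__getitem__))
```

Only the first sample host is reported: the second fails the status matcher and the third fails the title matcher.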

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /unified-console.htm...
Matching conditions
word: <title>Apache Druid</title> and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability