Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Apache Hbase Unauth" module is designed to detect misconfigurations in Apache HBase, an open-source, distributed, non-relational database management system. This module focuses on identifying unauthenticated access vulnerabilities in Apache HBase instances. The severity of this vulnerability is classified as medium.
Author: pikpikcu
If the module detects a misconfiguration, it indicates that the Apache HBase instance is vulnerable to unauthorized access. This could potentially lead to unauthorized data exposure, data manipulation, or other security breaches.
The "Apache Hbase Unauth" module works by sending an HTTP GET request to the "/conf" path of the target Apache HBase instance. It then applies matching conditions to determine if the misconfiguration is present.
Matching conditions:
- The response body must contain the following words: "<name>hbase.defaults.for.version</name>
" and "<source>hbase-default.xml</source>
".
- The response status code must be 200.
If both conditions are met, the module reports a vulnerability, indicating that the Apache HBase instance is misconfigured and potentially vulnerable to unauthorized access.