
Apache Kafka - Unauthorized UI Exposure

By kannthu

Medium
Vidoc Module
#misconfig#apache#kafka#unauth#exposure
Description

What is "Apache Kafka - Unauthorized UI Exposure"?

The "Apache Kafka - Unauthorized UI Exposure" module is designed to detect unauthorized access to the Apache Kafka user interface (UI). Apache Kafka is a distributed streaming platform that allows for the processing and storage of high volumes of data in real-time. This module specifically targets misconfigurations that could potentially expose the Kafka UI to unauthorized users.

This module has a severity level of medium, indicating that while it is not a critical vulnerability, it still poses a potential risk to the security of the Kafka UI.

This module was authored by theamanrawat.

Impact

If unauthorized access to the Apache Kafka UI is possible, it could allow attackers to gain sensitive information, manipulate data, or disrupt the functionality of the Kafka cluster. This could lead to data breaches, unauthorized data modifications, or service disruptions.

How does the module work?

The module works by sending an HTTP GET request to the "/ui/clusters/kafka-ui/brokers" path of the target server. It then applies two matching conditions to determine if the Kafka UI is exposed:

- The module checks whether the response body contains the HTML title tag "<title>UI for Apache Kafka</title>". This indicates that the UI is present and accessible.
- The module verifies that the HTTP response status code is 200, indicating a successful request.

If both conditions are met, the module reports a vulnerability, indicating that the Apache Kafka UI is exposed and potentially accessible to unauthorized users.
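As an added example (not Vidoc's own module code), the two matching conditions above re-implemented in Python so a defender can run the same check against their own Kafka UI deployments; the User-Agent string, the timeout and the sample responses are constructed assumptions:

```python
"""Re-implementation of the module's two matching conditions so you can
verify your own Kafka UI deployments from a script.  Added example, not
Vidoc's code.  Assumed: the target is reachable over HTTP(S) from here."""
import urllib.error
import urllib.request
from dataclasses import dataclass

UI_PATH = "/ui/clusters/kafka-ui/brokers"      # path the module requests
TITLE_MARKER = "<title>UI for Apache Kafka</title>"  # the module's word matcher


@dataclass
class Response:
    status: int
    body: str


def ui_exposed(resp: Response) -> bool:
    """Both module conditions must hold: the title marker is present in the
    body AND the status code is exactly 200."""
    return resp.status == 200 and TITLE_MARKER in resp.body


def fetch(base_url: str, timeout: float = 5.0) -> Response:
    """Send the module's GET request.  Non-2xx answers (e.g. 401/403 from a
    reverse proxy enforcing auth) are returned rather than raised, so that
    ui_exposed() can evaluate them like any other response."""
    url = base_url.rstrip("/") + UI_PATH
    req = urllib.request.Request(url, headers={"User-Agent": "kafka-ui-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.read().decode("utf-8", "replace"))


def check(base_url: str) -> dict:
    resp = fetch(base_url)
    return {"url": base_url, "status": resp.status, "exposed": ui_exposed(resp)}


# Constructed sample responses (no network needed) covering the outcomes the
# matcher distinguishes: exposed UI, auth-protected UI, and an unrelated app.
SAMPLES = {
    "exposed": Response(200, "<html><head><title>UI for Apache Kafka</title></head></html>"),
    "behind_auth": Response(401, "Unauthorized"),
    "other_app": Response(200, "<html><head><title>Grafana</title></head></html>"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:12s} status={resp.status} exposed={ui_exposed(resp)}")
```

Run `check("https://kafka-ui.internal.example")` against each deployment you own; a result with `exposed: True` means the brokers page answered without credentials and the UI should be placed behind authentication or network restrictions.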

For more information, you can refer to the following resources:

- Apache Kafka Unauthorized Access Vulnerability
- Kafka UI GitHub Repository

Metadata:

- Max Request: 2
- Verified: True
- Shodan Query: http.title:"UI for Apache Kafka"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/ui/clusters/kafka-u...
Matching conditions
word: <title>UI for Apache Kafka</title>
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability