Argo CD Login Panel

What is the Argo CD Login Panel?

The Argo CD Login Panel module is designed to detect the presence of an Argo CD login panel. Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This module focuses on identifying the login panel specifically.

Severity: Informative

Author: Adam Crosser, daffainfo

Impact

The presence of an Argo CD login panel indicates that the Argo CD installation may be accessible to unauthorized users. This could potentially lead to unauthorized access, data breaches, or other security risks.

How does the module work?

The module sends an HTTP GET request to the "/login" path of the target. It then applies two matching conditions:

- The response body must contain the HTML tag "<title>Argo CD</title>". This indicates that the login panel is present. - The response status code must be 200, indicating a successful request.

If both conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /login

Matching conditions:

- Response body must contain the HTML tag "<title>Argo CD</title>" - Response status code must be 200

For more information about Argo CD, you can visit the official website: https://argoproj.github.io/cd/

Metadata:

- Max request: 1 - Shodan query: http.title:"Argo CD"