By kannthu
The Hetzner Cloud Metadata Service Check is a module designed to detect misconfigurations in the Hetzner Cloud host. It targets the Hetzner Cloud metadata service and checks if the host is configured as a proxy, which could potentially allow unauthorized access to the instance metadata service. This module is classified as critical due to the potential impact it can have on the host and infrastructure.
Author: sullo
CWE-ID: CWE-441
CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CVSS-Score: 9.3
If the Hetzner Cloud host is misconfigured as a proxy, it can allow significant access to the host and infrastructure. This can potentially lead to unauthorized access, data breaches, and other security risks.
The Hetzner Cloud Metadata Service Check module sends an HTTP request to the Hetzner Cloud metadata service endpoint http://<hostval>/v1/metadata/private-networks. It checks the response body for specific keywords such as "alias_ips:", "local-ipv4:", and "instance-id:". If any of these keywords are found, the module considers the host to be misconfigured as a proxy.
Example HTTP request:
GET http://<hostval>/v1/metadata/private-networks HTTP/1.1
Host: <hostval>
The module uses the following matching conditions:
- If the response body contains any of the specified keywords ("alias_ips:", "local-ipv4:", "instance-id:"), the module considers it a match.

Note: The <hostval> placeholder in the HTTP request is replaced with the actual values specified in the module's payload.
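The request and match condition described above, as an added Python example for verifying a host you operate (this is illustrative code written for this page, not the Vidoc module itself; the host value 203.0.113.10 and the sample response bodies are constructed):

```python
import urllib.request
import urllib.error

# Indicator keywords the module looks for in the response body.
METADATA_KEYWORDS = ("alias_ips:", "local-ipv4:", "instance-id:")
METADATA_PATH = "/v1/metadata/private-networks"

# Constructed sample bodies (not real data): one that leaks metadata, one that does not.
SAMPLE_EXPOSED_BODY = "instance-id: 12345678\nlocal-ipv4: 10.0.0.2\nalias_ips: []\n"
SAMPLE_CLEAN_BODY = "<html><body>404 Not Found</body></html>"


def matched_keywords(body: str) -> list:
    """Return the indicator keywords present in a response body, in module order."""
    return [kw for kw in METADATA_KEYWORDS if kw in body]


def is_metadata_exposed(body: str) -> bool:
    """Module match condition: a single keyword in the body is enough for a match."""
    return bool(matched_keywords(body))


def build_request(hostval: str) -> urllib.request.Request:
    """Build the same request the module sends: GET http://<hostval>/v1/metadata/private-networks.
    urllib adds the Host: <hostval> header itself when the request is sent."""
    return urllib.request.Request(f"http://{hostval}{METADATA_PATH}", method="GET")


def check_host(hostval: str, timeout: float = 5.0) -> dict:
    """Send the request and evaluate the body; errors are reported in the result, not raised."""
    req = build_request(hostval)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as e:
        # A non-2xx response still has a body worth checking.
        status, body = e.code, e.read().decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError) as e:
        return {"host": hostval, "error": str(e), "exposed": False, "matched": []}
    return {"host": hostval, "status": status,
            "exposed": is_metadata_exposed(body), "matched": matched_keywords(body)}


if __name__ == "__main__":
    # Offline demonstration of the match condition on the constructed samples.
    for label, body in (("exposed", SAMPLE_EXPOSED_BODY), ("clean", SAMPLE_CLEAN_BODY)):
        print(label, is_metadata_exposed(body), matched_keywords(body))
    # To check a real host you operate: print(check_host("203.0.113.10"))
```

A result with "exposed": True means the host answered the metadata path with instance metadata and should be reviewed as a proxy misconfiguration.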