By kannthu
The Redash Installer Exposure module is designed to detect misconfigurations in the Redash software installation. Redash is a popular open-source data visualization and dashboarding tool used by organizations to query and analyze their data. This module focuses on identifying vulnerabilities related to the initial setup of Redash.
This module has a severity level of high, indicating that it can potentially expose sensitive information or lead to unauthorized access if misconfigurations are present.
If the Redash Installer Exposure module detects a misconfiguration, it means that the Redash installation is not properly secured. This can result in unauthorized access to the Redash instance, potentially leading to data breaches, unauthorized data manipulation, or other security risks.
The Redash Installer Exposure module works by sending a GET request to the "/setup" path of the Redash installation. It then applies a set of matching conditions to determine if a misconfiguration is present.
The matching conditions include:
- Checking if the response body contains the phrases "Redash Initial Setup" and "Admin User".
- Verifying that the response header includes the word "text/html".
- Ensuring that the response status code is 200 (OK).

If all of these conditions are met, the module flags the Redash installation as potentially misconfigured.
It is important to note that this module does not perform any modifications or exploit any vulnerabilities. It solely focuses on detecting misconfigurations in the Redash installation.
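The three matching conditions above can be reproduced as a read-only check against a Redash instance you operate. This is an added example, not the module's own code: the function names and sample responses are constructed for illustration, and comparing the header case-insensitively is an assumption of this sketch.

```python
import urllib.error
import urllib.request

# Phrases the module looks for in the response body.
REQUIRED_PHRASES = ("Redash Initial Setup", "Admin User")

def evaluate(status, headers, body):
    """Return the result of each matching condition separately."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return {
        "status_200": status == 200,
        "html_header": "text/html" in header_blob,  # case-insensitive (assumption)
        "body_phrases": all(p in body for p in REQUIRED_PHRASES),
    }

def is_exposed(status, headers, body):
    """Flag the instance only when every condition holds."""
    return all(evaluate(status, headers, body).values())

def check_instance(base_url, timeout=10):
    """Send one GET to <base_url>/setup and apply the conditions (read-only)."""
    url = base_url.rstrip("/") + "/setup"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, headers = resp.status, dict(resp.headers.items())
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # Non-2xx answers still carry a status, headers and body to evaluate.
        status, headers = err.code, dict(err.headers.items())
        body = err.read().decode("utf-8", "replace")
    return is_exposed(status, headers, body)

# Constructed sample responses (not captured from a real server).
SAMPLE_EXPOSED = (
    200,
    {"Content-Type": "text/html; charset=utf-8"},
    "<title>Redash Initial Setup</title><h4>Admin User</h4>",
)
SAMPLE_CONFIGURED = (
    302,
    {"Content-Type": "text/html", "Location": "/login"},
    "Redirecting...",
)

if __name__ == "__main__":
    print("exposed sample:   ", evaluate(*SAMPLE_EXPOSED))
    print("configured sample:", evaluate(*SAMPLE_CONFIGURED))
```

Returning each condition separately from `evaluate` shows which matcher failed when an instance is not flagged, which helps when confirming that a remediated instance no longer serves the setup page.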