
Unauthenticated Netdata

By kannthu

Severity: Medium
Vidoc Module
Tags: #netdata #unauth #misconfig
Description

What is "Unauthenticated Netdata"?

The "Unauthenticated Netdata" module is designed to detect a specific vulnerability in Netdata, an open-source monitoring and performance troubleshooting tool. Netdata provides real-time monitoring and visualization of system and application metrics.

This module focuses on detecting misconfigurations in Netdata that allow unauthenticated access. It scans for a particular API endpoint that can be accessed without proper authentication, potentially exposing sensitive system information.

The severity of this vulnerability is classified as medium, indicating that it can pose a significant risk to the security and integrity of the monitored systems.

Impact

If the vulnerability detected by this module is present, an attacker could gain unauthorized access to the Netdata instance and obtain sensitive information about the system and its performance. This information could be leveraged to further exploit the system or compromise its security.

How does the module work?

The "Unauthenticated Netdata" module works by sending a specific HTTP request to the target Netdata instance. The request is designed to trigger the vulnerable API endpoint and check for the expected response.

Here is an example of the HTTP request sent by the module:

GET /api/v1/data?chart=system.cpu&format=json&points=125&group=average&gtime=0&options=ms%7Cflip%7Cjsonwrap%7Cnonzero&after=-120&dimensions=iowait

The module then applies a set of matching conditions to the response received from the target. These conditions include:

- Checking if the HTTP response status is 200 (indicating a successful request)
- Verifying that specific words, such as "view_update_every" and "dimensions", are present in the response body
- Ensuring that the response header contains the "application/json" content type

If all the matching conditions are met, the module reports the vulnerability, indicating that the Netdata instance is misconfigured and allows unauthenticated access.
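The request path and the three AND-ed matching conditions above, written out as an added Python example (not Vidoc's own module code) and evaluated against constructed sample responses, so the logic can be checked offline before pointing it at your own Netdata instance:

```python
from urllib.parse import urlencode

# Query parameters from the module's request template (taken from the page).
NETDATA_QUERY = {
    "chart": "system.cpu", "format": "json", "points": "125",
    "group": "average", "gtime": "0",
    "options": "ms|flip|jsonwrap|nonzero",  # urlencode turns '|' into %7C
    "after": "-120", "dimensions": "iowait",
}
# Words the module expects in the body of an unauthenticated reply.
REQUIRED_WORDS = ("view_update_every", "dimensions")


def request_path() -> str:
    """Path the module sends: /api/v1/data with the template's parameters."""
    return "/api/v1/data?" + urlencode(NETDATA_QUERY)


def is_unauthenticated(status: int, headers: dict, body: str) -> bool:
    """Apply the module's matching conditions; all three must hold."""
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), ""
    )
    return (
        status == 200
        and all(word in body for word in REQUIRED_WORDS)
        and "application/json" in content_type
    )


# Constructed sample responses (not captured from a real host).
# 1) Netdata answering the data API directly, jsonwrap format, no auth layer.
EXPOSED = (200, {"Content-Type": "application/json"},
           '{"api":1,"id":"system.cpu","view_update_every":1,'
           '"dimensions":1,"result":{"labels":["time","iowait"],'
           '"data":[[1700000000000,0.5]]}}')
# 2) Same instance behind a reverse proxy that demands credentials.
PROTECTED = (401, {"Content-Type": "application/json",
                   "WWW-Authenticate": 'Basic realm="netdata"'},
             '{"error":"unauthorized"}')
# 3) A login page returned with HTTP 200: status alone is not enough.
LOGIN_PAGE = (200, {"Content-Type": "text/html"}, "<html>login</html>")

if __name__ == "__main__":
    print(request_path())
    for name, resp in (("exposed", EXPOSED), ("protected", PROTECTED),
                       ("login_page", LOGIN_PAGE)):
        print(name, "->", "REPORT" if is_unauthenticated(*resp) else "no match")
```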

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /api/v1/data?chart=s...

Matching conditions
- status: 200 and
- word: view_update_every, dimensions and
- word: application/json

Passive global matcher
No matching conditions.

On match action
Report vulnerability