Module library
Ethical Hacking Automation
Automate Recon and scanning process with Vidoc. All security teams in one place
Unauthenticated Spark WebUI
By kannthu
Vidoc ModuleDescription
What is the "Unauthenticated Spark WebUI?"
The "Unauthenticated Spark WebUI" module is designed to detect a misconfiguration vulnerability in the Spark WebUI, a web-based user interface for Apache Spark. This module focuses on identifying instances where the Spark WebUI is accessible without authentication, potentially exposing sensitive information to unauthorized users. The severity of this vulnerability is classified as medium.
Impact
If the Spark WebUI is accessible without authentication, an attacker could gain unauthorized access to the interface and potentially exploit or manipulate the Apache Spark cluster. This could lead to unauthorized data access, data manipulation, or disruption of the cluster's operations.
How the module works?
The "Unauthenticated Spark WebUI" module works by sending HTTP requests to the target system and analyzing the responses for specific patterns. It checks for a status code of 200 and looks for the presence of the following strings in the response body:
<title>Spark Master at spark://</title>
<strong>URL:</strong>If both conditions are met, the module considers the Spark WebUI to be accessible without authentication and reports it as a potential misconfiguration vulnerability.