search

google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
860 stars 178 forks source link

AI PRP: Mindsdb weak credential #486

Open secureness opened 1 month ago

secureness commented 1 month ago

Mindsdb has a default configuration file when we spin up an instance with the docker:

{
    "config_version":"1.4",
    "storage_dir": "/root/mdb_storage",
    "debug": false,
    "integrations": {},
    "api": {
        "http": {
            "host": "0.0.0.0",
            "port": "47334"
        },
        "mysql": {
            "host": "0.0.0.0",
            "password": "",
            "port": "47335",
            "user": "mindsdb",
            "database": "mindsdb",
            "ssl": true
        },
         "mongodb": {
            "host": "0.0.0.0",
            "port": "47336",
            "database": "mindsdb"
        }
    }
}

You can see there is no authentication option enabled by default for the HTTP(GUI) endpoint ( we can confirm this by simply setting up a docker instance of mindsdb). Also, we should add a mindsdb: username and an empty password for the MySQL weak credential tester too.

There is no authentication enabled by default but we can find configuration files in the documentation that are using basic authentication too with usernames and passwords like mindsdb:123, the authentication is a basic authentication header so we can easily test weak credentials.

for post-login validation, we can send an HTTP GET request to our tsunami callback server easily by trying to add a file as Datasource with an arbitrary URL: image