google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
880 stars 179 forks

AI PRP: Weak credential tester for kubeflow #512

Open grandsilva opened 5 months ago

grandsilva commented 5 months ago

The official Kubeflow setup has a default credential: https://github.com/kubeflow/manifests?tab=readme-ov-file#port-forward

I can write a plugin to detect this with a successful login message. Furthermore, I can check the weak credentials with an out-of-band check by utilizing SSRF or code execution, of which I suggest SSRF.

hayageek commented 3 months ago

Hi @tooryx, looks like there is no activity on this issue. I already worked on the Kubeflow Models UI (https://github.com/google/tsunami-security-scanner-plugins/issues/422). Let me know if I can work on this?

tooryx commented 3 months ago

Hi @hayageek,

This request is in @grandsilva's queue for now; I don't think it is specifically inactive.

~tooryx

grandsilva commented 1 month ago

@tooryx could you make this PRP my main AI PRP to let me start working on this?

tooryx commented 1 month ago

Hi @grandsilva,

You can proceed with this PR.

~tooryx