Default password on 34.120.209.175
Medium
E
Elastic
Submitted None
Actions:
Reported by
newspaper
Vulnerability Details
Technical details and impact analysis
There is a default password on 34.120.209.175, I can log in successfully.It has 500 Server Error, But we can confirm default password is vaild.
**Summary:**
The IP has a SSL certificate pointing to ElasticSearch.
curl -kv https://34.120.209.175
## Steps To Reproduce:
1. access https://34.120.209.175/user/login,and log in with admin/admin
2. it response the version of rundeck and error alert
3. get Physical path and Class name.
## Impact
Get the Default password.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Weak Cryptography for Passwords