beegoServer:1.12.0
tcp/8080
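The Kafka instance is reachable from the public internet without authentication.
An attacker could connect to the broker and read private or confidential messages from its topics in real time.
To remediate, restrict the broker's listeners to trusted networks and require client authentication (SASL or mutual TLS) with ACLs on topics.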
Fingerprint: 43224224eeda9da960defeaa8e8baa1e5fc91419d6971929d6971929d6971929
NoAuth Found topic plume_log_list Found topic plume_trace_list Found topic __consumer_offsets
Fingerprint: 43224224eeda9da960defeaa0efe442a214c3b9e2e364d992e364d992e364d99
NoAuth Found topic __consumer_offsets Found topic plume_log_list Found topic plume_trace_list
Fingerprint: 43224224eeda9da960defeaadd60eb7df044395d25a2133125a2133125a21331
NoAuth Found topic plume_trace_list Found topic __consumer_offsets Found topic plume_log_list
Fingerprint: 43224224eeda9da960defeaadd60eb7dc48e1a91cf9cde51cf9cde51cf9cde51
NoAuth Found topic plume_trace_list Found topic plume_log_list Found topic __consumer_offsets
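Elasticsearch and/or Kibana is currently reachable without authentication.
As a result, all data stored in the database is publicly accessible.
Note that the only index listed in the findings below, .geoip_databases, appears to be Elasticsearch's built-in GeoIP database index rather than application data, so the evidence shown demonstrates unauthenticated access but not exposure of user records.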
Severity: medium
Fingerprint: 831cb76b8e05df463ffce5e89ca50cab9ca50cab9ca50cab9ca50cab9ca50cab
Indices: 1, document count: 40, size: 40.0 MB Found index .geoip_databases with 40 documents (40.0 MB)
Severity: medium
Fingerprint: 831cb76b8e05df46301c029f09e1dd5509e1dd5509e1dd5509e1dd5509e1dd55
Indices: 1, document count: 41, size: 54.7 MB Found index .geoip_databases with 41 documents (54.7 MB)
Open service 42.192.40.197:8080
2024-06-15 12:13
HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Location: /login/index Server: beegoServer:1.12.0 Set-Cookie: beegosessionID=cb4993ebb3234dfa304a408bd942fcf3; Path=/; HttpOnly Date: Sat, 15 Jun 2024 12:13:17 GMT Content-Length: 35 Connection: close <a href="/login/index">Found</a>.
Open service 42.192.40.197:8081
2024-06-14 11:32
HTTP/1.1 200 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Last-Modified: Sat, 21 May 2022 05:08:09 GMT Accept-Ranges: bytes Content-Type: text/html;charset=UTF-8 Content-Language: en-US Content-Length: 3096 Date: Fri, 14 Jun 2024 11:32:56 GMT Connection: close Page title: KafkaMap <!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="./favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="./logo192.png"/><link rel="manifest" href="./manifest.json"/><title>KafkaMap</title><link href="./static/css/2.92c2f793.chunk.css" rel="stylesheet"><link href="./static/css/main.d1254da9.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script>!function(e){function r(r){for(var n,u,i=r[0],c=r[1],l=r[2],p=0,s=[];p<i.length;p++)u=i[p],Object.prototype.hasOwnProperty.call(o,u)&&o[u]&&s.push(o[u][0]),o[u]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(f&&f(r);s.length;)s.shift()();return a.push.apply(a,l||[]),t()}function t(){for(var e,r=0;r<a.length;r++){for(var t=a[r],n=!0,i=1;i<t.length;i++){var c=t[i];0!==o[c]&&(n=!1)}n&&(a.splice(r--,1),e=u(u.s=t[0]))}return e}var n={},o={1:0},a=[];function u(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,u),t.l=!0,t.exports}u.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise((function(r,n){t=o[e]=[r,n]}));r.push(t[2]=n);var a,i=document.createElement("script");i.charset="utf-8",i.timeout=120,u.nc&&i.setAttribute("nonce",u.nc),i.src=function(e){return u.p+"static/js/"+({}[e]||e)+"."+{3:"cc95066a"}[e]+".chunk.js"}(e);var c=new Error;a=function(r){i.onerror=i.onload=null,clearTimeout(l);var 
t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing":r.type),a=r&&r.target&&r.target.src;c.message="Loading chunk "+e+" failed.\n("+n+": "+a+")",c.name="ChunkLoadError",c.type=n,c.request=a,t[1](c)}o[e]=void 0}};var l=setTimeout((function(){a({type:"timeout",target:i})}),12e4);i.onerror=i.onload=a,document.head.appendChild(i)}return Promise.all(r)},u.m=e,u.c=n,u.d=function(e,r,t){u.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},u.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},u.t=function(e,r){if(1&r&&(e=u(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(u.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)u.d(t,n,function(r){return e[r]}.bind(null,n));return t},u.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return u.d(r,"a",r),r},u.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},u.p="./",u.oe=function(e){throw console.error(e),e};var i=this["webpackJsonpkafka-map"]=this["webpackJsonpkafka-map"]||[],c=i.push.bind(i);i.push=r,i=i.slice();for(var l=0;l<i.length;l++)r(i[l]);var f=c;t()}([])</script><script src="./static/js/2.e3ec5d80.chunk.js"></script><script src="./static/js/main.e61f1892.chunk.js"></script></body></html>
Open service 42.192.40.197:80
2024-06-02 13:22
HTTP/1.1 401 Unauthorized Content-Type: text/plain; charset=utf-8 WWW-Authenticate: Basic realm="easyProxy" 401 Unauthorized
Open service 42.192.40.197:8080
2024-06-02 11:57
HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Location: /login/index Server: beegoServer:1.12.0 Set-Cookie: beegosessionID=0883e4f39229731747d4344320d32c0a; Path=/; HttpOnly Date: Sun, 02 Jun 2024 11:57:47 GMT Content-Length: 35 Connection: close <a href="/login/index">Found</a>.