Default password on 34.120.209.175
Medium
Vulnerability Details
There is a default password on 34.120.209.175, I can log in successfully.It has 500 Server Error, But we can confirm default password is vaild.
**Summary:**
The IP has a SSL certificate pointing to ElasticSearch.
curl -kv https://34.120.209.175
## Steps To Reproduce:
1. access https://34.120.209.175/user/login,and log in with admin/admin
2. it response the version of rundeck and error alert
3. get Physical path and Class name.
## Impact
Get the Default password.
Actions
View on HackerOneReport Stats
- Report ID: 1415241
- State: Closed
- Substate: resolved
- Upvotes: 12