id: exposed-zookeeper

info:
  name: Apache ZooKeeper - Unauthenticated Access
  author: pdteam
  severity: high
  description: Apache ZooKeeper was able to be accessed without any required authentication.
  reference:
    - https://zookeeper.apache.org/security.html
  metadata:
    max-request: 1
  tags: network,zookeeper,unauth,exposure,tcp

tcp:
  - inputs:
      - data: "envi\r\nquit\r\n"

    host:
      - "{{Hostname}}"
    port: 2181
    read-size: 2048

    matchers:
      - type: word
        words:
          - "zookeeper.version"
# digest: 4a0a0047304502207d9655d7b8cbba183f852defdef7de3de397240a7dc77389ef1908222fb700cd022100b91efad57bd1d2727b49277a1e6ff10c58b40882933005cecb171fee77111fd5:922c64590222798bb761d5b6d8e72950