id: clickhouse-unauth

info:
  name: ClickHouse - Unauthorized Access
  author: lu4nx
  severity: high
  description: ClickHouse was able to be accessed with no required authentication in place.
  metadata:
    max-request: 1
  tags: network,clickhouse,unauth,misconfig,tcp

tcp:
  - inputs:
      # 0011436c69636b486f75736520636c69656e741508b1a9030007 is header
      # 64656661756c74 = default
      - data: 0011436c69636b486f75736520636c69656e741508b1a903000764656661756c7400
        type: hex

    host:
      - "{{Hostname}}"
    port: 9000

    read-size: 100
    matchers:
      - type: word
        words:
          - "ClickHouse"
          - "UTC"
        condition: and
# digest: 490a004630440220407c4120b7f4fcaf14baa0a9285a4235f27152c55c72ef3556331ca8ef4c824202203d3d57d1f4c52bd9a584ec43c0ebc8ae7ae2e62bbdcaf0001c5b211d36211bc7:922c64590222798bb761d5b6d8e72950