id: clickhouse-unauth

info:
  name: ClickHouse - Unauthorized Access
  author: lu4nx
  severity: high
  description: ClickHouse was able to be accessed with no required authentication in place.
  metadata:
    max-request: 1
  tags: network,clickhouse,unauth,misconfig

tcp:
  - inputs:
      # 0011436c69636b486f75736520636c69656e741508b1a9030007 is header
      # 64656661756c74 = default
      - data: 0011436c69636b486f75736520636c69656e741508b1a903000764656661756c7400
        type: hex

    host:
      - "{{Hostname}}"
    port: 9000

    read-size: 100
    matchers:
      - type: word
        words:
          - "ClickHouse"
          - "UTC"
        condition: and
# digest: 490a0046304402202fd443f78e2047b591bca8f3e7ee5a04d985131925e9c82766c93a68b7bb5d9702206422b645cc564aec3b9fedb29bee550e4ae65c58535b879c84efe81ca01cf783:922c64590222798bb761d5b6d8e72950