id: tidb-unauth

info:
  name: TiDB - Unauthenticated Access
  author: lu4nx
  severity: high
  description: TiDB server was able to be accessed because no authentication was required.
  metadata:
    max-request: 1
    zoomeye-query: tidb +port:"4000"
  tags: network,tidb,unauth,misconfig

tcp:
  - inputs:
      - read: 1024              # skip handshake packet
      - data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c  # authentication
        type: hex

    host:
      - "{{Hostname}}"
    port: 4000

    read-size: 1024

    matchers:
      - type: binary
        binary:
          # resp format:
          # 07: length, 02: sequence number, 00: success
          - "0700000200000002000000"
# digest: 4b0a004830460221009eb20c63b51216f217106d014723374eb6431cf0bcc6bb59280dd17d7b9e0b31022100b8f6928f5af251b6f456c4524ed3417563142cb4203a43c11102c9aeb152991d:922c64590222798bb761d5b6d8e72950