id: exposed-zookeeper

info:
  name: Apache ZooKeeper - Unauthenticated Access
  author: pdteam
  severity: high
  description: Apache ZooKeeper was able to be accessed without any required authentication.
  reference:
    - https://zookeeper.apache.org/security.html
  metadata:
    max-request: 1
  tags: network,zookeeper,unauth,exposure

tcp:
  - inputs:
      - data: "envi\r\nquit\r\n"

    host:
      - "{{Hostname}}"
    port: 2181
    read-size: 2048

    matchers:
      - type: word
        words:
          - "zookeeper.version"
# digest: 4a0a00473045022014b3e49e3178002b8dcd33b9d693d9f46eeb889f0eaa6a018af2df218c4ff7ba022100f98b32691d42de5653570b72cf83b1895de00ca6c195b9a3e3b05885b12624bf:922c64590222798bb761d5b6d8e72950