id: apache-rocketmq-broker-unauth info: name: Apache Rocketmq Broker - Unauthenticated Access author: j4vaovo severity: high description: | Apache Rocketmq Unauthenticated Access were detected. reference: - https://rocketmq.apache.org/docs/bestPractice/03access metadata: fofa-query: protocol="rocketmq" max-request: 2 shodan-query: title:"RocketMQ" verified: true tags: network,rocketmq,broker,apache,unauth,misconfig tcp: - inputs: - data: "000000c9000000b17b22636f6465223a32352c226578744669656c6473223a7b224163636573734b6579223a22726f636b65746d7132222c225369676e6174757265223a222b7a6452645575617a6953516b4855557164727477673146386a6b3d227d2c22666c6167223a302c226c616e6775616765223a224a415641222c226f7061717565223a302c2273657269616c697a655479706543757272656e74525043223a224a534f4e222c2276657273696f6e223a3433337d746573745f6b65793d746573745f76616c75650a0a" type: hex host: - "{{Hostname}}" - "{{Host}}:10911" read-size: 2048 matchers-condition: and matchers: - type: word words: - serializeTypeCurrentRPC - language - opaque - version condition: and - type: word words: - "HTTP" - "FTP" negative: true