id: unauth-redis-insight

info:
  name: RedisInsight - Unauthenticated Access
  author: ggranjus
  severity: high
  description: |
    RedisInsight was able to be accessed because no authentication was required.
  reference:
    - https://redis.com/redis-enterprise/redis-insight/
  metadata:
    verified: 'true'
    max-request: 1
    shodan-query: title:"RedisInsight"
  tags: redis,redisinsight,unauth,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>RedisInsight</title>"

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100bc3aaba422001bf8f07a932309ddfa713b39e5b79c551e02a18e092e039f019a022100ba3f835cc5e6d0de75819d2b204dc099bb01a5f85cee1f37da525f6314a162a9:922c64590222798bb761d5b6d8e72950