32 lines
1.0 KiB
YAML
32 lines
1.0 KiB
YAML
id: kubernetes-fake-certificate
|
|
|
|
info:
|
|
name: Kubernetes Fake Ingress Certificate - Detect
|
|
author: kchason
|
|
severity: low
|
|
description: |
|
|
Kubernetes Fake Ingress Certificate is a feature in Kubernetes that allows users to create and use fake or self-signed SSL/TLS certificates for testing purposes without having to obtain a real SSL/TLS certificate from a trusted Certificate Authority (CA).
|
|
remediation: Purchase or generate a proper SSL certificate for this service.
|
|
reference:
|
|
- https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/
|
|
metadata:
|
|
max-request: 1
|
|
verified: "true"
|
|
shodan-query: ssl:"Kubernetes Ingress Controller Fake Certificate"
|
|
tags: ssl,kubernetes,tls,self-signed
|
|
|
|
ssl:
|
|
- address: "{{Host}}:{{Port}}"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'subject_cn == "Kubernetes Ingress Controller Fake Certificate"'
|
|
- 'issuer_cn == "Kubernetes Ingress Controller Fake Certificate"'
|
|
condition: or
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- '"Issuer: " + issuer_cn'
|