id: unauth-redis-insight

info:
  name: RedisInsight - Unauthenticated Access
  author: ggranjus
  severity: high
  description: |
    RedisInsight was able to be accessed because no authentication was required.
  reference:
    - https://redis.com/redis-enterprise/redis-insight/
  metadata:
    verified: 'true'
    max-request: 1
    shodan-query: title:"RedisInsight"
  tags: redis,redisinsight,unauth,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>RedisInsight</title>"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100950fc32ce1a33bbb51311c97e1b97e73b52146a37252c85af42fda35cb477b7c022100ebf01f586cd4d65faab77f6d272aeaefb9d4df6e47d8f34a5f2e5b024604ec08:922c64590222798bb761d5b6d8e72950