Description

The Haproxy provides Data Plane API for accessing various information and configuring it. Acunetix determined that it was possible to access this API without authentication or using weak/known login and password.

Remediation

Restrict access to the Haproxy Data Plane API interface

References

Data Plane API Installation

Related Vulnerabilities

The Heartbleed Bug

CodeIgniter development mode enabled

Broken Link Hijacking

WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)

WordPress Plugin User Meta Manager Information Disclosure (3.4.7)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Default Credentials Weak Credentials Configuration Abuse Of Functionality