Elunez Eladmin Druid Default Credentials Vulnerability

Vulnerability

A default credentials vulnerability has been identified in Elunez Eladmin versions through 2.7, specifically within the Druid component. The issue arises from hardcoded login credentials in the application-prod.yml configuration file. This vulnerability allows remote attackers to access sensitive operational information by exploiting the default username and password, which are publicly known.

Impact

Exploitation of this vulnerability allows unauthorized users to access the Druid management interface using default credentials, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, access the Druid login page on a server running Elunez Eladmin version 2.7 or earlier. Use the default credentials: username 'admin' and password '123456'.
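A configuration check for the condition described above, as an added example that is not part of the original advisory or the Eladmin project. It assumes the Druid console is configured through the druid-spring-boot-starter keys under spring.datasource.druid.stat-view-servlet; the sample YAML and the DRUID_USER / DRUID_PASSWORD placeholder names are constructed for illustration.

```python
import re

DEFAULT_USER, DEFAULT_PASSWORD = "admin", "123456"  # values from the advisory
# Assumed key path: druid-spring-boot-starter's StatViewServlet properties.
SERVLET = "spring.datasource.druid.stat-view-servlet"

# Constructed samples, not copied from the eladmin repository.
VULNERABLE = """\
spring:
  datasource:
    druid:
      stat-view-servlet:
        enabled: true
        login-username: admin
        login-password: 123456
"""
# Same file with the literals replaced by (hypothetical) environment placeholders.
HARDENED = VULNERABLE.replace("admin", "${DRUID_USER}").replace("123456", "${DRUID_PASSWORD}")

def flatten_yaml(text):
    """Flatten nested 'key: value' mappings into dotted keys (no lists or block scalars)."""
    flat, stack = {}, []  # stack holds (indent, key) of the open parent mappings
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.\-]+):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value.strip("'\"")
        else:
            stack.append((indent, key))
    return flat

def audit_druid_console(text):
    """Return findings for the Druid console credentials in a Spring YAML config."""
    cfg = flatten_yaml(text)
    if cfg.get(SERVLET + ".enabled", "").lower() == "false":
        return []  # console servlet is explicitly disabled
    user = cfg.get(SERVLET + ".login-username")
    pwd = cfg.get(SERVLET + ".login-password")
    if user == DEFAULT_USER and pwd == DEFAULT_PASSWORD:
        return ["default credentials %s/%s" % (user, pwd)]
    if pwd is not None and not pwd.startswith("${"):
        return ["login-password is a literal value in the config file"]
    return []

if __name__ == "__main__":
    for name, sample in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, audit_druid_console(sample))
```

The flattener only understands plain nested mappings, which is enough for a Spring-style application-prod.yml; run the audit against the file that is actually deployed, not only the copy in source control.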

Added: Aug 4, 2025, 11:17 PM
Updated: Aug 4, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 3.1
exploitability: 9.1
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.