CVE-2019-11202 in Rancher
Summary
by MITRE
An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completely deleting them.
Analysis
by VulDB Data Team • 11/14/2023
CVE-2019-11202 is a critical authentication flaw in the Rancher container management platform affecting v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. The issue stems from improper handling of the administrative user lifecycle during initial startup. When Rancher initializes for the first time, it automatically creates a default administrative account with a predictable, well-known password. The platform does not persist the deletion of that account: if an administrator deletes it and Rancher is later restarted, the account is recreated with its original credentials, so the weakness survives restarts regardless of the administrator's action. The flaw maps to CWE-798 (use of hard-coded credentials) and CWE-259 (use of a hard-coded password). The security implications are severe, because the default password is reinstated even after administrators have removed the account, giving attackers a reliable way to obtain administrative access to the Rancher management interface. The vulnerability also aligns with ATT&CK technique T1078.004, which covers the use of legitimate credentials, here a default account. The operational impact extends beyond unauthorized access: administrative control of Rancher can lead to complete compromise of the managed environment, including control over containerized applications, modification of network policies and orchestration configuration, access to sensitive data, and persistence within the infrastructure.
The recommended mitigation is to deactivate rather than delete the default admin user. A deactivated account still exists in the store, so the startup logic that recreates a missing default admin does not fire, the account is not recreated with default credentials on restart, and it cannot be automatically re-enabled; the security posture established by administrators is preserved. Organizations should also apply additional controls such as network segmentation, regular credential rotation, and monitoring for unauthorized access attempts to further limit exposure. The flaw demonstrates a fundamental failure in privilege management and account lifecycle handling within the Rancher platform, and underlines the importance of sound security design in enterprise container management solutions.
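The lifecycle described in the two paragraphs above, as an added Go example that is not Rancher's code: an in-memory store (constructed for this example) with a bootstrap routine that mirrors the vulnerable recreate-if-absent behaviour, beside one possible fixed variant, showing why deactivation survives a restart while deletion does not. The fixed variant, the store layout and the placeholder password are assumptions, not the vendor's patch or the real default.

```go
package main
import "fmt"

// Placeholder for the well-known default; the real value is deliberately not reproduced.
const DefaultPassword = "DEFAULT-PASSWORD-PLACEHOLDER"
// User models a local account keyed by username; Enabled=false is the "deactivated" state.
type User struct {
	Password string
	Enabled  bool
}
// Store stands in for the backing store that survives a restart (constructed, not Rancher's model).
type Store struct {
	Users         map[string]*User
	BootstrapDone bool // one-time marker, used only by bootstrapFixed
}
// bootstrapVulnerable mirrors CVE-2019-11202: each start recreates "admin" with the default password if the record is absent, undoing any deletion.
func bootstrapVulnerable(s *Store) {
	if _, ok := s.Users["admin"]; !ok {
		s.Users["admin"] = &User{Password: DefaultPassword, Enabled: true}
	}
}
// bootstrapFixed is one illustration (not the vendor's patch): seed the account once and persist that fact in the store.
func bootstrapFixed(s *Store) {
	if !s.BootstrapDone {
		s.Users["admin"] = &User{Password: DefaultPassword, Enabled: true}
		s.BootstrapDone = true
	}
}
// Delete removes the record; Deactivate keeps it but disables login (record must exist).
func Delete(s *Store, name string)     { delete(s.Users, name) }
func Deactivate(s *Store, name string) { s.Users[name].Enabled = false }
// CanLogin reports whether the credentials would be accepted.
func CanLogin(s *Store, name, pw string) bool {
	u, ok := s.Users[name]
	return ok && u.Enabled && u.Password == pw
}
// Simulate: first start, admin action, restart (same store, bootstrap again), then a default-credential login; true means the account is back.
func Simulate(bootstrap func(*Store), action func(*Store, string)) bool {
	s := &Store{Users: map[string]*User{}}
	bootstrap(s)
	action(s, "admin")
	bootstrap(s)
	return CanLogin(s, "admin", DefaultPassword)
}
func main() {
	fmt.Println("vulnerable, deleted:", Simulate(bootstrapVulnerable, Delete))         // true
	fmt.Println("vulnerable, deactivated:", Simulate(bootstrapVulnerable, Deactivate)) // false
	fmt.Println("fixed, deleted:", Simulate(bootstrapFixed, Delete))                   // false
}
```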