I would like to work on this

Hi @redex557,

Thanks for picking up this request. Please complete the following items before the implementation:

• Conduct vulnerability research with a brief description of how the plugin would work
• Submit the vulnerable configuration of the target application to google/security-testbeds.

@redex557 Is there any update on this request? If not, I will release this back to the pool.

@maoning I already wrote a plugin for Argo CD and I think you should assign this to me, this is two weeks now, and according to the rules, this AI PRP should be back in the pool now!

@maoning there is one default credential for current recent versions in here.
I checked previous versions and they don't have default creds.
there is only one CVE that needs to brute force the unsafe PRNG string too which is not feasible quickly. the blog post: https://web.archive.org/web/20220330042723/soluble.ai/blog/argo-cves-2020

@JamesFoxxx Thanks for providing the details, including the default credential you linked is sufficient for this weak credential tester. Could you check how to test for successful authentication for ArgoCD (is relying on network request sufficient)?

@maoning argo-cd contains a login page, we can check for successful login message.

@JamesFoxxx Please complete the following items before the implementation:

• Submit the vulnerable configuration of the target application to google/security-testbeds.
• Submit our participation form before starting working on the development.

@maoning I found two additional default passwords here: https://github.com/argoproj/argo-cd/blob/dd3bb2bad44293a6d0852674d1982e9d066b6001/docs/faq.md?plain=1#L59-L64
I already wrote the plugin because it is hard to jump into argo-cd again after I wrote one plugin.
I'm waiting for your confirmation to create a PR.