AEM Login Status

By kannthu

Informative
Vidoc Module
#aem #adobe
Description

What is the "AEM Login Status" module?

The "AEM Login Status" module is a test case designed to detect a known exposure in Adobe Experience Manager (AEM) web applications. It specifically checks whether the LoginStatusServlet is reachable from outside; when it is, the servlet can be used to verify credentials, which makes it a target for brute force attacks on user accounts. The severity of this finding is informative, indicating that it may not pose an immediate threat on its own but should still be addressed to ensure the security of the application.

This module was authored by DhiyaneshDk.

Impact

If the LoginStatusServlet is left exposed and vulnerable, it can allow malicious actors to attempt brute force attacks on user credentials. This can lead to unauthorized access to the application and compromise the security and privacy of user data.

How does the module work?

The "AEM Login Status" module uses HTTP request templates and matching conditions to identify an exposed LoginStatusServlet. It sends a GET request to each of the following paths (the triple-slash variant checks whether a front-end filter and the Sling resource resolver normalize the path differently):

/system/sling/loginstatus
/system/sling/loginstatus.css
///system///sling///loginstatus

The module then applies the following matching conditions:

- Check if the response status is 200 (OK).
- Check if the response contains the word "CREDENTIAL_CHALLENGE".

If both conditions are met, the module will report a vulnerability.
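The detection logic described above, reimplemented as an added example (this is not Vidoc's or the module author's code). The three probe paths and the two matcher conditions are taken from the module description; the HTTP client is injected as a function so the check runs offline here against constructed responses, and can be pointed at an AEM instance you administer (for instance to confirm that a dispatcher rule really blocks every path variant). The response body used in the constructed sample is made up and is not a verbatim servlet output.

```python
"""Added example: reproduce the AEM Login Status module's probe-and-match
logic. PROBE_PATHS and matches() follow the module description; everything
else (Response, the fetcher plumbing, the canned sample) is an assumption."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Paths listed in the module. The triple-slash variant exists to catch hosts
# where an edge filter and the Sling resolver normalize the path differently.
PROBE_PATHS = (
    "/system/sling/loginstatus",
    "/system/sling/loginstatus.css",
    "///system///sling///loginstatus",
)


@dataclass
class Response:
    status: int
    body: str


def matches(resp: Response) -> bool:
    """Module matcher: status 200 AND body contains the word CREDENTIAL_CHALLENGE."""
    return resp.status == 200 and "CREDENTIAL_CHALLENGE" in resp.body


def find_exposed_paths(fetch: Callable[[str], Optional[Response]],
                       paths: Iterable[str] = PROBE_PATHS) -> List[str]:
    """Return every probe path whose response satisfies the matcher.

    `fetch` maps a path to a Response, or None on a transport error
    (a failed connection is not a match)."""
    hits: List[str] = []
    for path in paths:
        resp = fetch(path)
        if resp is not None and matches(resp):
            hits.append(path)
    return hits


# Constructed sample (not real servlet output): an edge filter blocks the two
# plain paths, but its path normalization lets the triple-slash form through.
_CANNED = {
    "/system/sling/loginstatus": Response(403, "Forbidden"),
    "/system/sling/loginstatus.css": Response(403, "Forbidden"),
    "///system///sling///loginstatus": Response(200, "authenticated=false\nCREDENTIAL_CHALLENGE\n"),
}


def canned_fetch(path: str) -> Optional[Response]:
    """Offline fetcher backed by the constructed responses above."""
    return _CANNED.get(path)


def make_http_fetch(base_url: str, timeout: float = 5.0) -> Callable[[str], Optional[Response]]:
    """Stdlib fetcher for checking an AEM host you administer.

    Raw paths are concatenated, not normalized, so the triple-slash probe is
    sent exactly as listed; only the first 4 KiB of the body is inspected."""
    import urllib.error
    import urllib.request

    def fetch(path: str) -> Optional[Response]:
        try:
            with urllib.request.urlopen(base_url + path, timeout=timeout) as r:
                return Response(r.status, r.read(4096).decode("utf-8", "replace"))
        except urllib.error.HTTPError as e:  # non-2xx still carries a status to match on
            return Response(e.code, e.read(4096).decode("utf-8", "replace"))
        except (urllib.error.URLError, OSError):
            return None

    return fetch


if __name__ == "__main__":
    # Replace canned_fetch with make_http_fetch("https://aem.example.internal")
    # to run the same check against a real instance.
    for exposed in find_exposed_paths(canned_fetch):
        print("LoginStatusServlet reachable via:", exposed)
```

Because the matcher requires both conditions, a 403 that happens to echo the word, or a 200 for an unrelated page, does not count; the constructed sample shows why the module probes all three variants rather than the plain path alone.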

For more information on this vulnerability, you can refer to the following resources:

- https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
- https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/Lo

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /system/sling/loginstatus
GET /system/sling/loginstatus.css
GET ///system///sling///loginstatus
Matching conditions
status: 200 and
word: CREDENTIAL_CHALLENGE
Passive global matcher
No matching conditions.
On match action
Report vulnerability