By kannthu
The "Atom Synchronization Exposure" module is designed to detect a misconfiguration vulnerability in the Atom text editor. It targets the remote-sync plugin used for synchronizing files between different instances of Atom. This module has a high severity level and was authored by geeknik.
The module detects exposed sensitive information, including usernames and passwords, in the file created by the remote-sync plugin for Atom. The file also reveals FTP and/or SCP/SFTP/SSH server details and credentials. This exposure can lead to unauthorized access to, and compromise of, the synchronized files.
The "Atom Synchronization Exposure" module works by sending an HTTP GET request to the /.remote-sync.json path. It then applies several matching conditions to determine if the misconfiguration vulnerability exists:
- The response body must contain the words "hostname" and "username".
- The response body must also contain either the word "passphrase" or "password".
- The response header must include the word "application/json".
- The HTTP status code must be 200.
If all of these conditions are met, the module reports the vulnerability.
Example HTTP request:
GET /.remote-sync.json
Note: The actual JSON definitions of the module are not shown here for simplicity.
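The four matching conditions above can be expressed as a small check, shown here as an added example that is not the module's own definition. It evaluates constructed sample responses and also lists any .remote-sync.json files in a directory you are about to publish. The function names, sample data and the case-insensitive header comparison are assumptions.

```python
import os

REQUIRED_ALL = ("hostname", "username")    # body must contain both words
REQUIRED_ANY = ("passphrase", "password")  # body must contain at least one

# Constructed sample responses (status, headers, body); not from any real host.
EXPOSED = (200, {"Content-Type": "application/json"},
           '{"hostname": "files.example.test", "username": "deploy", "password": "REDACTED"}')
SOFT_404 = (200, {"Content-Type": "text/html"},
            "<p>No such page. hostname username password</p>")
KEY_ONLY = (200, {"Content-Type": "application/json"},
            '{"hostname": "files.example.test", "username": "deploy", "keyfile": "id_rsa"}')


def matches_exposure(status, headers, body):
    """Return True only if all four conditions from the list above hold."""
    # Assumption: header names/values are compared case-insensitively.
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (
        status == 200
        and "application/json" in header_text
        and all(word in body for word in REQUIRED_ALL)
        and any(word in body for word in REQUIRED_ANY)
    )


def find_sync_files(publish_dir):
    """List .remote-sync.json files under a directory about to be published."""
    hits = []
    for dirpath, _dirs, files in os.walk(publish_dir):
        if ".remote-sync.json" in files:
            hits.append(os.path.join(dirpath, ".remote-sync.json"))
    return sorted(hits)


if __name__ == "__main__":
    for name, resp in (("EXPOSED", EXPOSED), ("SOFT_404", SOFT_404), ("KEY_ONLY", KEY_ONLY)):
        print(name, matches_exposure(*resp))
    # Run against your own build output before deploying it.
    for path in find_sync_files("."):
        print("remove before publishing:", path)
```

The KEY_ONLY sample has no "password" or "passphrase" word, so the listed conditions do not flag it; the file scan catches that case because it looks for the file itself rather than its contents.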
This module is part of the Vidoc platform, which utilizes multiple modules to perform scanning and identify various security issues.