BeyondTrust Privileged Access Management Login - Detect

What is the "BeyondTrust Privileged Access Management Login - Detect" module?

The "BeyondTrust Privileged Access Management Login - Detect" module is designed to detect the presence of the BeyondTrust Privileged Access Management login panel. BeyondTrust Privileged Access Management is a software solution that helps organizations manage and secure privileged access to critical systems and data. This module focuses on identifying potential misconfigurations or vulnerabilities related to the login panel.

The severity of this module is classified as informative, meaning it provides valuable information but does not indicate an immediate security risk.

This module was authored by r3dg33k and nuk3s3c.

Impact

The impact of detecting the BeyondTrust Privileged Access Management login panel is primarily informational. It helps security professionals gain insights into the presence and configuration of this specific software component within a target environment. This information can be used to assess the overall security posture and potential risks associated with the BeyondTrust Privileged Access Management solution.

How does the module work?

The module works by sending an HTTP GET request to the "/WebConsole/api/security/auth/loginServers" endpoint. It then applies two matching conditions to determine if the login panel is present:

- The response status code must be 200. - The response body must contain the following patterns: "DomainName":"(.*)" and "domains".

If both conditions are met, the module reports a successful detection of the BeyondTrust Privileged Access Management login panel.

Here is an example of the HTTP request sent by the module:

GET /WebConsole/api/security/auth/loginServers

The module's matching conditions ensure that the response status code is 200 and that the response body contains the specified patterns. These conditions help identify the presence of the login panel within the target system.