Citrix ADC Gateway Login Panel - Detect

What is the "Citrix ADC Gateway Login Panel - Detect?"

The "Citrix ADC Gateway Login Panel - Detect" module is designed to detect the presence of the Citrix ADC Gateway login panel. This module focuses on identifying misconfigurations or vulnerabilities related to the login panel of the Citrix ADC Gateway software. The severity of this module is classified as informative, meaning it provides valuable information without indicating a critical security issue. The original author of this module is organiccrap.

Impact

This module does not directly impact the security of the Citrix ADC Gateway. Instead, it serves as a detection mechanism to identify potential misconfigurations or vulnerabilities in the login panel. By detecting these issues, administrators can take appropriate actions to secure their Citrix ADC Gateway installation.

How does the module work?

The "Citrix ADC Gateway Login Panel - Detect" module operates by sending HTTP requests to specific paths associated with the login panel. It checks for the presence of a specific string, "_ctxstxt_CitrixCopyright," within the response body. If this string is found, the module considers the login panel to be present.

Here is an example of an HTTP request sent by the module:

GET /logon/LogonPoint/index.html

The module uses a matching condition that requires the presence of the string "_ctxstxt_CitrixCopyright" in the response body. This condition ensures that the login panel is correctly identified.

The module also includes metadata indicating that a maximum of two requests will be made during the scanning process.