Code-Server Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #detect #misc
Description

What is the "Code-Server Login Panel - Detect" module?

The "Code-Server Login Panel - Detect" module is designed to detect the presence of the login panel in the Code-Server software. Code-Server is a web-based version of Visual Studio Code that allows users to access and edit their code remotely. This module focuses on identifying potential misconfigurations or vulnerabilities related to the login panel.

The severity of this module is classified as informative, meaning it provides valuable information about the login panel but does not indicate a critical security issue.

This module was authored by tess.

Impact

The detection of the Code-Server login panel does not directly indicate any specific impact. However, it can help identify potential security risks or misconfigurations that may exist within the login panel, such as weak passwords or improper access controls.

How does the module work?

The "Code-Server Login Panel - Detect" module works by sending an HTTP GET request to the "/login" path of the target Code-Server instance. It then applies matching conditions to determine if the login panel is present.

The matching conditions for this module include:

- Checking the response body for specific words, such as "Welcome to code-server" and "Please log in below. Check the config file at ~/.config/code-server/config.yaml for the password."
- Verifying that the HTTP response status code is 200 (OK).

If both matching conditions are met, the module reports the detection of the Code-Server login panel.

Example HTTP request:

GET /login

Note: The above example is a simplified representation of the HTTP request sent by the module.
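
The two matching conditions described above, evaluated offline over sample responses. This is an added example, not Vidoc's module code: the `Response` type, the `evaluate` and `inventory` helpers, the host names and the sample HTML are constructed for illustration; only the phrases and the status code come from the page.

```python
from dataclasses import dataclass

# Phrases quoted on the page; the word matcher requires all of them ("and").
REQUIRED_WORDS = (
    "Welcome to code-server",
    "Please log in below. Check the config file at "
    "~/.config/code-server/config.yaml for the password.",
)
REQUIRED_STATUS = 200


@dataclass
class Response:
    """Minimal stand-in for the response to GET /login (hypothetical type)."""
    status: int
    body: str


def evaluate(resp: Response) -> dict:
    """Return each condition's result plus the overall verdict."""
    words_ok = all(word in resp.body for word in REQUIRED_WORDS)
    status_ok = resp.status == REQUIRED_STATUS
    return {"word": words_ok, "status": status_ok, "match": words_ok and status_ok}


def inventory(responses: dict) -> list:
    """Return the hosts whose /login response satisfies both conditions."""
    return sorted(h for h, r in responses.items() if evaluate(r)["match"])


# Constructed sample responses (not captured from real hosts).
LOGIN_HTML = (
    "<h1>Welcome to code-server</h1>"
    "<div>Please log in below. Check the config file at "
    "~/.config/code-server/config.yaml for the password.</div>"
)
SAMPLES = {
    "ide.example.internal": Response(200, LOGIN_HTML),    # exposed login panel
    "proxy.example.internal": Response(302, ""),          # redirect, no panel body
    "docs.example.internal": Response(200, "<p>Welcome to code-server docs</p>"),
    "waf.example.internal": Response(403, LOGIN_HTML),    # right body, wrong status
}

if __name__ == "__main__":
    for host, resp in SAMPLES.items():
        print(host, evaluate(resp))
    print("login panels:", inventory(SAMPLES))
```

Only the first sample is reported: a page that contains just one of the phrases, or the right body behind a non-200 status, fails the combined condition.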

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /login
Matching conditions
word: Welcome to code-server, Please log in be... (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability