DEOS OPENview Admin Panel Unauthenticated Access

By kannthu

Severity: High
Vidoc Module
#openview #disclosure #panel
Description

What is the "DEOS OPENview Admin Panel Unauthenticated Access" module?

The "DEOS OPENview Admin Panel Unauthenticated Access" module is a test case designed to detect a vulnerability in the DEOS OPENview administrative panel. This module targets the DEOS OPENview software and aims to identify instances where the admin panel can be accessed without authentication. The severity of this vulnerability is classified as high.

Impact

If the vulnerability detected by this module is present, it means that unauthorized users can gain access to the DEOS OPENview admin panel without providing any credentials. This can lead to potential unauthorized actions, such as modifying system configurations, accessing sensitive information, or performing malicious activities within the system.

How does the module work?

The module works by sending an HTTP GET request to the "/client/index.html" path of the target system. It then applies two matching conditions to determine if the vulnerability exists:

    - The response status code must be 200, indicating a successful request.
    - The response body must contain the HTML tag "<title>OPENview</title>", indicating the presence of the DEOS OPENview admin panel.

If both conditions are met, the module reports the vulnerability, indicating that unauthenticated access to the admin panel is possible.
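
The two matching conditions described above, applied to raw HTTP responses, as an added example (not Vidoc's own module code). The sample responses are constructed, and treating the word matcher as an exact, case-sensitive substring test is an assumption.

```python
"""Evaluate the module's two matching conditions against raw HTTP responses."""

TITLE_MARKER = "<title>OPENview</title>"  # word matcher from the module description


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, body_text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body.decode("utf-8", errors="replace")


def evaluate(raw: bytes) -> dict:
    """Return each matcher's result and the combined (AND) verdict."""
    status, body = parse_response(raw)
    status_ok = status == 200
    # Assumption: exact, case-sensitive substring match on the body.
    word_ok = TITLE_MARKER in body
    return {"status": status_ok, "word": word_ok, "report": status_ok and word_ok}


# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "panel served without login": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<html><head><title>OPENview</title></head><body></body></html>"
    ),
    "redirect to a login page": b"HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    "200 from an unrelated application": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<html><head><title>Welcome</title></head></html>"
    ),
    "title present but access denied": (
        b"HTTP/1.1 401 Unauthorized\r\n\r\n<title>OPENview</title>"
    ),
}


def run_samples() -> dict:
    """Map each constructed sample to whether the module would report it."""
    return {name: evaluate(raw)["report"] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:36} -> {evaluate(raw)}")
```

Only the first sample satisfies both conditions; each of the other three fails at least one matcher, so the AND combination does not report them.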

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /client/index.html
Matching conditions
status: 200 and
word: <title>OPENview</title>
Passive global matcher
No matching conditions.
On match action
Report vulnerability