Fastvue Dashboard Panel - Unauthenticated Detect

By kannthu

Medium
Vidoc Module
#panel #fastvue #unauth #misconfig
Description

What is the "Fastvue Dashboard Panel - Unauthenticated Detect"?

The "Fastvue Dashboard Panel - Unauthenticated Detect" module detects Fastvue Dashboard panels that can be reached without authentication. Fastvue Dashboard is software used for reporting and monitoring network activity, specifically for Sophos Reporter and SonicWall. This module focuses on identifying instances where the dashboard panel is accessible without the need for proper authentication.

This module has a medium severity level, indicating that it poses a moderate risk if left unaddressed. It is important to ensure that proper authentication measures are in place to protect sensitive information.

Author: DhiyaneshDK

Impact

If the Fastvue Dashboard panel is accessible without authentication, it can potentially expose sensitive network activity and data to unauthorized individuals. This can lead to unauthorized access, data breaches, and compromise of network security.

How does the module work?

The module works by sending an HTTP GET request to the "/dashboard.aspx" path. It then applies a series of matching conditions to determine if the Fastvue Dashboard panel is accessible without authentication.

Matching conditions:

- The response must contain either the "<title>Fastvue Sophos Reporter</title>" or "<title>Fastvue Reporter for SonicWall</title>" keywords in the HTML title.
- The response body must contain the keyword "Dashboard".
- The response status code must be 200 (OK).

If all of these conditions are met, the module will flag the Fastvue Dashboard panel as being accessible without authentication.

Example HTTP request:

GET /dashboard.aspx

Note: The above example is a simplified representation of the HTTP request. Actual requests may contain additional headers or parameters.
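The three matching conditions above can be checked offline against a saved response, which also shows which condition failed when a host is not flagged. This is an added example, not Vidoc's or the template author's code; the function names, the case-sensitive substring matching and the sample responses (including their paths) are assumptions constructed for illustration.

```python
# Added example: evaluate the module's matching conditions on a raw HTTP response.
TITLE_WORDS = (
    "<title>Fastvue Sophos Reporter</title>",
    "<title>Fastvue Reporter for SonicWall</title>",
)
BODY_WORD = "Dashboard"

def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("response does not start with an HTTP status line")
    return int(parts[1]), body

def evaluate(raw: str) -> dict:
    """Return each condition's result; 'flagged' is True only if all three hold."""
    status, body = parse_response(raw)
    checks = {
        "title": any(w in body for w in TITLE_WORDS),  # either title is enough
        "body_word": BODY_WORD in body,
        "status_200": status == 200,
    }
    checks["flagged"] = all(checks.values())
    return checks

# Constructed sample responses (not captured from a real deployment).
OPEN_PANEL = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              "<html><head><title>Fastvue Sophos Reporter</title></head>"
              "<body><h1>Dashboard</h1></body></html>")
LOGIN_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: /placeholder-login\r\n\r\n"
OTHER_APP = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             "<html><head><title>Admin</title></head>"
             "<body>Dashboard</body></html>")

if __name__ == "__main__":
    for name, raw in [("open panel", OPEN_PANEL),
                      ("login redirect", LOGIN_REDIRECT),
                      ("other app", OTHER_APP)]:
        print(name, evaluate(raw))
```

A redirect to a login page fails the status condition, and an unrelated application that merely shows the word "Dashboard" fails the title condition, so neither is flagged.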

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /dashboard.aspx
Matching conditions
word: <title>Fastvue Sophos Reporter</title>, ... and
word: Dashboard and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability