Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Fortinet FortiNAC Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#fortinet#fortinac#login
Description

What is the "Fortinet FortiNAC Login Panel - Detect" module?

The "Fortinet FortiNAC Login Panel - Detect" module is designed to detect the presence of the Fortinet FortiNAC login panel. Fortinet FortiNAC is a network access control solution that helps organizations secure their networks by enforcing policies and monitoring network access. This module focuses on identifying the login panel, which can provide valuable information about the presence of the FortiNAC solution.

This module has an informative severity level, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by johnk3r.

Impact

The detection of the Fortinet FortiNAC login panel does not directly indicate any impact or risk. It simply provides information about the presence of the login panel, which can be useful for further analysis and assessment of the network security posture.

How does the module work?

The module works by sending an HTTP GET request to the "/WelcomeActions.jsp?action=ajaxGetWelcomeViewInfo" endpoint. It then applies two matching conditions to determine if the FortiNAC login panel is present:

- The response body must contain the words "FortiNAC" and "\"product\":". - The response status code must be 200.

If both conditions are met, the module considers the Fortinet FortiNAC login panel to be detected.

Here is an example of the HTTP request sent by the module:

GET /WelcomeActions.jsp?action=ajaxGetWelcomeViewInfo

The module does not perform any further actions or exploit any vulnerabilities. It solely focuses on detecting the presence of the login panel.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/WelcomeActions.jsp?...
Matching conditions
word: FortiNAC, "product":and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability