Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The FortiOS Admin Login Panel - Detect module is designed to detect the presence of the FortiOS admin login panel. This module targets instances of the FortiOS software, specifically the admin login panel. It is created by an unknown author. The severity of this module is classified as informative.
The impact of this module is to identify potential misconfigurations or vulnerabilities in the FortiOS admin login panel. By detecting the presence of the login panel, it helps security professionals assess the security posture of their FortiOS instances and take appropriate actions to mitigate any identified risks.
The FortiOS Admin Login Panel - Detect module works by sending an HTTP request to the target system. The request is structured as follows:
GET /api/v2/cmdb/system/admin/admin HTTP/1.1
Host: <Hostname>
The module then applies several matching conditions to determine if the FortiOS admin login panel is present:
- The response body must contain the string "/remote/login". - The response header must contain the string "Server: xxxxxxxx-xxxxx". - The HTTP status code must be 403 (Forbidden).If all of these conditions are met, the module reports a successful detection of the FortiOS admin login panel.
For more information about the FortiOS software and its admin login panel, please refer to the official documentation provided by Fortinet.