Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Glances Unauthenticated Panel" module is designed to detect a misconfiguration in the Glances software. Glances is a system monitoring tool that provides information about various aspects of a server or web server. This module specifically targets instances of Glances running in web server mode without authentication, which can lead to information disclosure. The severity of this misconfiguration is classified as low.
This module was authored by remonsec.
If the Glances software is running in web server mode without authentication, it can potentially expose sensitive information to unauthorized individuals. This information disclosure can include system details, server configurations, and other potentially sensitive data.
The "Glances Unauthenticated Panel" module works by sending HTTP requests to the target server and analyzing the responses based on predefined matching conditions. The module checks for two specific conditions:
If both conditions are met, the module considers the target server to be running Glances in web server mode without authentication, potentially leading to information disclosure.
Here is an example of an HTTP request that the module may send:
GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner
The module then evaluates the response based on the matching conditions described above.
It is important to note that this module is designed to detect the misconfiguration and does not attempt to exploit or further compromise the target server.
For more information, you can refer to the Glances documentation.
Metadata: max-request: 1