
Glances Unauthenticated Panel

By kannthu

Severity: Low
Vidoc Module
#exposure #glances
Description

What is the "Glances Unauthenticated Panel?"

The "Glances Unauthenticated Panel" module is designed to detect a misconfiguration in the Glances software. Glances is a system monitoring tool that reports information about the host it runs on; when started in web server mode, it serves that information over HTTP. This module specifically targets instances of Glances running in web server mode without authentication, which leads to information disclosure. The severity of this misconfiguration is classified as low.

This module was authored by remonsec.

Impact

If the Glances software is running in web server mode without authentication, it can potentially expose sensitive information to unauthorized individuals. This information disclosure can include system details, server configurations, and other potentially sensitive data.

How does the module work?

The "Glances Unauthenticated Panel" module works by sending HTTP requests to the target server and analyzing the responses based on predefined matching conditions. The module checks for two specific conditions:

    - The HTTP response status code must be 200, indicating a successful request.
    - The response body must contain the HTML tag "<title>Monitor</title>", indicating the presence of the Glances web page title.

If both conditions are met, the module considers the target server to be running Glances in web server mode without authentication, potentially leading to information disclosure.

Here is an example of an HTTP request that the module may send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner

The module then evaluates the response based on the matching conditions described above.
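The following is an added example, not the module's own code or anything from the Vidoc project: it re-implements the two-condition matcher described above as a pure function and wraps it in a small audit helper that sends the same single unauthenticated GET and classifies the answer. The "auth_required" branch assumes a password-protected Glances instance answers with 401 and a WWW-Authenticate header (an assumption not stated on this page); the sample responses are constructed, not captured.

```python
"""Re-implementation of the Vidoc 'Glances Unauthenticated Panel' matcher
(added example) plus a defender-side classifier for a single response."""
import urllib.error
import urllib.request

MATCH_STATUS = 200                      # module condition 1
MATCH_WORD = "<title>Monitor</title>"   # module condition 2 ('word' matcher)


def matcher_hits(status: int, body: str) -> bool:
    """Passive matcher: BOTH conditions must hold (status AND word)."""
    return status == MATCH_STATUS and MATCH_WORD in body


def classify(status: int, body: str, headers: dict) -> str:
    """Interpret one response from a suspected Glances web server.

    'unauthenticated_panel' : matcher hit, the module would report a finding (Low)
    'auth_required'         : 401 + WWW-Authenticate, assumed to mean password protection is on
    'no_match'              : anything else (not Glances, or not its monitor page)
    """
    if matcher_hits(status, body):
        return "unauthenticated_panel"
    lowered = {k.lower(): v for k, v in headers.items()}
    if status == 401 and "www-authenticate" in lowered:
        return "auth_required"
    return "no_match"


def audit(url: str, timeout: float = 5.0) -> str:
    """Send the single unauthenticated GET the module sends and classify it."""
    req = urllib.request.Request(url, headers={"User-Agent": "glances-audit/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return classify(resp.status, body, dict(resp.headers))
    except urllib.error.HTTPError as err:
        # 401/403 etc. raise; the error object still carries status, body, headers
        body = err.read().decode("utf-8", "replace")
        return classify(err.code, body, dict(err.headers))


# Constructed sample responses (not captured from any real host)
SAMPLE_OPEN = (200, "<html><head><title>Monitor</title></head></html>", {"Content-Type": "text/html"})
SAMPLE_PROTECTED = (401, "Access denied", {"WWW-Authenticate": 'Basic realm="constructed"'})
SAMPLE_OTHER = (200, "<html><title>Welcome</title></html>", {"Content-Type": "text/html"})

if __name__ == "__main__":
    for name, sample in (("open", SAMPLE_OPEN), ("protected", SAMPLE_PROTECTED), ("other", SAMPLE_OTHER)):
        print(name, "->", classify(*sample))
```

Run `audit("http://your-glances-host:61208/")` against an instance you administer to confirm it lands in the "auth_required" bucket rather than "unauthenticated_panel".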

It is important to note that this module is designed to detect the misconfiguration and does not attempt to exploit or further compromise the target server.

For more information, you can refer to the Glances documentation.

Metadata: max-request: 1

Module preview

Concurrent Requests (0)
Passive global matcher:
    - status: 200 and
    - word: <title>Monitor</title>
On match action: Report vulnerability