Glowroot Anonymous User

By kannthu

High
Vidoc Module
#misconfig #unauth #glowroot
Description

What is the "Glowroot Anonymous User" module?

The "Glowroot Anonymous User" module is a test case designed to detect misconfigurations in the Glowroot software. It specifically targets the anonymous user access feature. The severity of the vulnerability is assessed as high. This module was authored by [Author Name].

Impact

The "Glowroot Anonymous User" module aims to identify potential misconfigurations in the Glowroot software. If the module detects a misconfiguration, it indicates that the anonymous user access feature may be improperly configured, potentially leading to unauthorized access or other security vulnerabilities.

How does the module work?

The "Glowroot Anonymous User" module utilizes HTTP request templates and matching conditions to assess the configuration of the anonymous user access feature in Glowroot. It sends a GET request to the "/backend/admin/users?username=anonymous" endpoint and applies several matching conditions to determine if a misconfiguration exists.

The matching conditions include:

- Checking if the response contains the following words: "username":"anonymous", "Administrator", and "newPassword":"".
- Verifying that the response header includes the word "application/json".
- Ensuring that the response status code is 200.

If all the matching conditions are met, the module identifies a potential misconfiguration in the Glowroot anonymous user access feature.
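
The matching logic described above, as an added example that is not Vidoc's own module code: it evaluates the three conditions against constructed sample responses, and the audit helper (a hypothetical name) sends the same GET request to a Glowroot instance you operate. It assumes all three body words must be present and that the header match is case-insensitive.

```python
import urllib.error
import urllib.request

PROBE_PATH = "/backend/admin/users?username=anonymous"  # endpoint named on the page
BODY_WORDS = ('"username":"anonymous"', '"Administrator"', '"newPassword":""')
HEADER_WORD = "application/json"


def evaluate(status, headers, body):
    """Return per-condition results plus the overall verdict."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    checks = {
        "status_200": status == 200,
        # Assumption: the header word is matched case-insensitively.
        "json_header": HEADER_WORD in header_blob,
        # Assumption: every listed word must be present (AND), not just one.
        "body_words": all(word in body for word in BODY_WORDS),
    }
    checks["misconfigured"] = all(checks.values())
    return checks


def audit(base_url, timeout=5):
    """Send the probe to a Glowroot instance you operate and evaluate the reply."""
    req = urllib.request.Request(base_url.rstrip("/") + PROBE_PATH)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return evaluate(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError as err:  # e.g. 401/403 when access is restricted
        return evaluate(err.code, dict(err.headers.items()), "")


# Constructed sample responses; the JSON shape is illustrative, not captured output.
JSON_CT = {"Content-Type": "application/json; charset=UTF-8"}
SAMPLES = {
    "anonymous_admin": (200, JSON_CT,
        '{"config":{"username":"anonymous","roles":["Administrator"]},"newPassword":""}'),
    "anonymous_no_admin": (200, JSON_CT,
        '{"config":{"username":"anonymous","roles":[]},"newPassword":""}'),
    "auth_required": (401, JSON_CT, '{"message":"Not authenticated"}'),
    "html_login_page": (200, {"Content-Type": "text/html"}, "<html>login</html>"),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, evaluate(*sample))
```

Only the first sample satisfies all three conditions; the per-condition results show which one failed for the others.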

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /backend/admin/users...
Matching conditions
word: "username":"anonymous", "Administrator",...
and
word: application/json
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability