Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Glowroot Anonymous User

By kannthu

Vidoc logoVidoc Module

What is the "Glowroot Anonymous User" module?

The "Glowroot Anonymous User" module is a test case designed to detect misconfigurations in the Glowroot software. It specifically targets the anonymous user access feature. The severity of the vulnerability is assessed as high. This module was authored by [Author Name].


The "Glowroot Anonymous User" module aims to identify potential misconfigurations in the Glowroot software. If the module detects a misconfiguration, it indicates that the anonymous user access feature may be improperly configured, potentially leading to unauthorized access or other security vulnerabilities.

How the module works?

The "Glowroot Anonymous User" module utilizes HTTP request templates and matching conditions to assess the configuration of the anonymous user access feature in Glowroot. It sends a GET request to the "/backend/admin/users?username=anonymous" endpoint and applies several matching conditions to determine if a misconfiguration exists.

The matching conditions include:

- Checking if the response contains the following words: ""username":"anonymous"", ""Administrator"", and ""newPassword":""". - Verifying that the response header includes the word "application/json". - Ensuring that the response status code is 200.

If all the matching conditions are met, the module identifies a potential misconfiguration in the Glowroot anonymous user access feature.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: "username":"anonymous", "Administrator",...and
word: application/jsonand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability