GoCd Encryption Key

By kannthu

Severity: Low
Vidoc Module
Tags: #go #gocd #exposure #misconfig
Description

What is the "GoCd Encryption Key" module?

The "GoCd Encryption Key" module is a test case designed to detect misconfigurations in the GoCD software. It focuses on identifying potential exposure of the encryption key used by GoCD, which can lead to security vulnerabilities. This module has a low severity level.

Author: dhiyaneshDk

Impact

If the GoCD encryption key is exposed, it can be exploited by attackers to gain unauthorized access to sensitive data and compromise the integrity of the GoCD system. This can result in data breaches, unauthorized modifications, and potential disruption of the software's functionality.

How does the module work?

The "GoCd Encryption Key" module performs HTTP requests to identify the presence of the encryption key and validate its configuration. It uses the following matching conditions:

- Status: The HTTP response status code should be 200.
- Regex: The response body should match the regular expression pattern ([a-z0-9]){32}, indicating a 32-character alphanumeric string.
- Header: The response should have the header Content-Type: text/plain.

By evaluating these conditions, the module determines if the GoCD encryption key is exposed and reports any vulnerabilities found.
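The three conditions above, applied to responses that have already been collected, as an added example that is not the module's own code. The function names, the triage labels, the whole-body pattern and the sample responses are assumptions constructed for illustration; the example shows that the unanchored regex also matches any 32-character run inside other plain-text content, which is worth checking before a finding is accepted.

```python
import re

# Regex exactly as listed in the module's matching conditions (unanchored).
KEY_RE = re.compile(r"([a-z0-9]){32}")
# Assumption for triage, not part of the module: the body is only one 32-char token.
WHOLE_BODY_RE = re.compile(r"\A[a-z0-9]{32}\s*\Z")


def module_match(status, headers, body):
    """AND of the three listed conditions: status, regex, Content-Type header."""
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), ""
    )
    return (
        status == 200
        and "text/plain" in content_type.lower()
        and KEY_RE.search(body) is not None
    )


def triage(status, headers, body):
    """Classify a response so a reviewer knows how much to trust the finding."""
    if not module_match(status, headers, body):
        return "no-match"
    if WHOLE_BODY_RE.match(body):
        return "match-key-shaped-body"
    return "match-substring-only"


# Constructed sample responses (placeholder values, not real keys).
SAMPLES = {
    "key_only": (200, {"Content-Type": "text/plain;charset=utf-8"},
                 "0123456789abcdef0123456789abcdef\n"),
    "checksum_in_text": (200, {"content-type": "text/plain"},
                         "artifact checksum " + "ab12" * 8 + " verified"),
    "html_page": (200, {"Content-Type": "text/html"},
                  "<p>" + "ab12" * 8 + "</p>"),
    "not_found": (404, {"Content-Type": "text/plain"},
                  "0123456789abcdef0123456789abcdef"),
    "uppercase_hex": (200, {"Content-Type": "text/plain"},
                      "0123456789ABCDEF0123456789ABCDEF"),
}

if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(f"{name:18} {triage(*response)}")
```

A `match-substring-only` result still satisfies all three of the module's conditions, so it would be reported; the label only marks it for manual review.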

Reference:

- https://attackerkb.com/assessments/9101a539-4c6e-4638-a2ec-12080b7e3b50
- https://blog.sonarsource.com/gocd-pre-auth-pipeline-takeover
- https://twitter.com/wvuuuuuuuuuuuuu/status/1456316586831323140

Metadata:

shodan-query: http.title:"Create a pip

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /go/add-on/business-...
Matching conditions
status: 200 and
regex: ([a-z0-9]){32} and
word: text/plain
Passive global matcher
No matching conditions.
On match action
Report vulnerability