HashiCorp Consul Web UI Login Panel - Detect

What is the "HashiCorp Consul Web UI Login Panel - Detect?"

The "HashiCorp Consul Web UI Login Panel - Detect" module is designed to detect the presence of the HashiCorp Consul Web UI login panel. Consul is a service mesh solution that provides a distributed system for service discovery and configuration. This module focuses specifically on identifying the login panel within the Consul Web UI.

The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by c-sh0.

Impact

This module does not have a direct impact on the security or functionality of the Consul Web UI. It simply detects the presence of the login panel, providing information about the configuration of the Consul deployment.

How does the module work?

The module works by sending an HTTP GET request to the "/ui/" path of the target Consul Web UI. It then applies matching conditions to determine if the login panel is present.

The matching conditions for this module are as follows:

- The HTTP response status code must be 200. - The response body must contain either the HTML title tag "<title>Consul by HashiCorp</title>" or the URL-encoded string "%22%2C%22CONSUL_COPYRIGHT_URL%22%3A%22https%3A%2F%2Fwww.hashicorp.com%22".

If both of these conditions are met, the module considers the login panel to be present.

Example HTTP request:

GET /ui/ HTTP/1.1
Host: [target host]

Note: Replace "[target host]" with the actual host of the Consul Web UI.