Keycloak Admin Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #keycloak
Description

What is the "Keycloak Admin Login Panel - Detect" module?

The "Keycloak Admin Login Panel - Detect" module is designed to detect the presence of the Keycloak admin login panel. Keycloak is an open-source identity and access management solution that provides single sign-on capabilities for web applications. This module focuses on identifying the admin login panel, which can be a potential security risk if misconfigured or vulnerable.

This module has an informative severity level, meaning it provides valuable information but does not indicate a direct security threat.

Author: incogbyte, righettod, daffainfo

Impact

The detection of the Keycloak admin login panel does not directly imply any impact or vulnerability. However, it can indicate potential misconfigurations or security weaknesses in the Keycloak setup, which may require further investigation and remediation.

How does the module work?

The "Keycloak Admin Login Panel - Detect" module operates by sending HTTP requests to specific paths associated with the Keycloak admin login panel. It then applies matching conditions to determine if the panel is present.

Example HTTP request:

GET /auth/admin

The module uses the following matching conditions:

- The response body must contain the following words: "<span>Keycloak</span>", "alt=\"Keycloak", "kc-form-buttons", and "/keycloak/img/favicon.ico".
- The response status code must be 200.

If both matching conditions are met, the module identifies the presence of the Keycloak admin login panel.
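
The two matching conditions above, applied to stored responses as an added example (not Vidoc's own module code). The sample responses are constructed, `evaluate`, `Verdict` and `audit` are hypothetical names, and the four words are treated as all required, following the wording above.

```python
from dataclasses import dataclass

# Body words and status code exactly as listed in the matching conditions above.
BODY_WORDS = (
    "<span>Keycloak</span>",
    'alt="Keycloak',
    "kc-form-buttons",
    "/keycloak/img/favicon.ico",
)
REQUIRED_STATUS = 200


@dataclass(frozen=True)
class Verdict:  # hypothetical result type for this example
    matched: bool
    status_ok: bool
    missing_words: tuple


def evaluate(status: int, body: str) -> Verdict:
    """Apply both conditions and record which one failed, so near-misses stay visible."""
    missing = tuple(w for w in BODY_WORDS if w not in body)
    status_ok = status == REQUIRED_STATUS
    return Verdict(status_ok and not missing, status_ok, missing)


# Constructed sample responses for GET /auth/admin (not captured from a real host).
DEFAULT_THEME = (
    '<link rel="icon" href="/auth/resources/x/login/keycloak/img/favicon.ico">'
    '<img alt="Keycloak logo"><span>Keycloak</span>'
    '<div id="kc-form-buttons"><input type="submit"></div>'
)
CUSTOM_THEME = '<img alt="Example Corp"><div id="kc-form-buttons"></div>'
SAMPLES = {
    "default theme, reachable": (200, DEFAULT_THEME),
    "admin path blocked at proxy": (403, "Forbidden"),
    # A rebranded login page fails the word check although the panel is reachable.
    "custom theme, reachable": (200, CUSTOM_THEME),
}


def audit(samples: dict) -> dict:
    """Map each sample name to its Verdict."""
    return {name: evaluate(status, body) for name, (status, body) in samples.items()}


if __name__ == "__main__":
    for name, v in audit(SAMPLES).items():
        print(f"{name}: matched={v.matched} status_ok={v.status_ok} missing={v.missing_words}")
```

A non-match on a custom theme is not evidence that the admin console is unreachable, so review the status and the missing words before closing the finding.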

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /auth/admin, /auth/admin/master/c...
Matching conditions
word: <span>Keycloak</span>, alt="Keycloak, kc... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability