Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Keycloak JSON File

By kannthu

Informative
Vidoc Module
#exposure#keycloak#config#files
Description

What is the "Keycloak JSON File" module?

The "Keycloak JSON File" module is a test case designed to detect misconfigurations in the Keycloak configuration files. Keycloak is an open-source identity and access management solution that provides single sign-on capabilities for web applications.

This module focuses on the exposure of sensitive information in the Keycloak JSON file, such as the realm, resource, and auth-server-url. By scanning for these specific keywords, the module can identify potential misconfigurations that may lead to security vulnerabilities.

The severity of this module is classified as informative, meaning it provides valuable information about potential misconfigurations but does not directly indicate a vulnerability or exploit.

Impact

If misconfigurations are detected in the Keycloak JSON file, it could lead to unauthorized access, data breaches, or other security risks. By exposing sensitive information, attackers may gain insights into the authentication and authorization mechanisms of the Keycloak instance, potentially compromising the security of the entire system.

How does the module work?

The "Keycloak JSON File" module works by sending an HTTP GET request to the "/keycloak.json" path. It then applies matching conditions to determine if the response contains the expected keywords and if the status code is 200 (indicating a successful response).

For example, the module checks if the response contains the words "realm," "resource," and "auth-server-url" using a word matcher. It also verifies that the status code is 200 using a status matcher.

If both matching conditions are met, the module reports a potential misconfiguration in the Keycloak JSON file.
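The two matching conditions above, reproduced as an added example (not code from the module or from Vidoc) over constructed sample responses. It also shows a stricter JSON-aware check for triage, since the word matcher is substring-based and will flag any 200 page that merely mentions the three terms. The sample adapter file and its hostname are constructed; the "ssl-required" and "public-client" keys are standard Keycloak adapter settings and are not taken from this page.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample responses (status, body) standing in for a live GET /keycloak.json.
SAMPLE_RESPONSES: Dict[str, Tuple[int, str]] = {
    # A real adapter file for a public client (constructed values).
    "adapter_file": (200, json.dumps({
        "realm": "demo",
        "auth-server-url": "https://sso.example.test/auth/",
        "ssl-required": "external",
        "resource": "frontend-app",
        "public-client": True,
    })),
    # Custom 404 page that happens to echo the keywords: status matcher fails.
    "html_404": (404, "<html><body>realm resource auth-server-url</body></html>"),
    # Plain documentation page served with 200: word matcher gives a false positive.
    "prose_200": (200, "Our realm of resource docs mention auth-server-url here."),
}

REQUIRED_WORDS = ("realm", "resource", "auth-server-url")


def module_matches(status: int, body: str) -> bool:
    """Reproduce the module's conditions: every word present AND status 200."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def keycloak_adapter_keys(status: int, body: str) -> List[str]:
    """Stricter triage: count a hit only when the body parses as a JSON object
    and the keywords appear as top-level keys, not merely as substrings."""
    if status != 200:
        return []
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, dict):
        return []
    return [key for key in REQUIRED_WORDS if key in data]


def triage(samples: Dict[str, Tuple[int, str]] = SAMPLE_RESPONSES) -> Dict[str, Tuple[bool, List[str]]]:
    """Run both checks over every sample: (module verdict, keys confirmed by JSON parsing)."""
    return {name: (module_matches(s, b), keycloak_adapter_keys(s, b)) for name, (s, b) in samples.items()}
```

Comparing the two columns from triage() shows which module hits are genuine adapter files and which are keyword coincidences worth closing as false positives.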

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /keycloak.json
Matching conditions
word: realm, resource, auth-server-url and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability