Manage Engine AD Search

What is the "Manage Engine AD Search?"

The "Manage Engine AD Search" module is designed to detect misconfigurations in the Manage Engine AD Manager service. This service can be configured to allow anonymous users to browse the Active Directory (AD) list remotely. The module targets this software to identify potential security vulnerabilities.

Severity: High

Author: PR3R00T

Impact

If misconfigured, the Manage Engine AD Manager service can expose sensitive information from the AD list to unauthorized users. This can lead to potential data breaches, unauthorized access to user accounts, and other security risks.

How does the module work?

The module sends a GET request to the "/ADSearch.cc?methodToCall=search" endpoint of the Manage Engine AD Manager service. It then applies matching conditions to determine if the service is misconfigured.

The matching conditions include:

- Status: The response status code must be 200. - Keywords: The response body must contain the words "ManageEngine" and "ADManager".

If all matching conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /ADSearch.cc?methodToCall=search