noVNC Login Panel - Detect

What is the "noVNC Login Panel - Detect?" module?

The "noVNC Login Panel - Detect" module is designed to detect the presence of a noVNC login panel. noVNC is a web-based VNC client that allows users to access remote desktops through a web browser. This module specifically targets the login panel of noVNC.

The severity of this module is classified as informative, which means it provides information about the presence of the login panel but does not indicate any specific vulnerability or misconfiguration.

This module was authored by tess.

Impact

The presence of a noVNC login panel may indicate that the target system is using noVNC for remote desktop access. However, the module does not provide any information about the security posture or potential vulnerabilities of the login panel.

How does the module work?

The "noVNC Login Panel - Detect" module works by sending an HTTP GET request to the target system's "/vnc.html" endpoint. It then applies two matching conditions to determine if the login panel is present:

- The module checks if the response body contains the HTML tag "<title>noVNC</title>". This indicates that the page is the noVNC login panel. - The module verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the noVNC login panel.