Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The PMM Installation Wizard is a module designed to detect misconfigurations and vulnerabilities related to the installation process of PMM (Percona Monitoring and Management). PMM is a free and open-source platform used for monitoring and managing the performance of MySQL and MongoDB databases.
This module has a high severity level, indicating that it targets critical issues that can potentially lead to security breaches or system failures.
If misconfigurations or vulnerabilities are detected during the PMM installation process, it can expose sensitive information or provide unauthorized access to the system. This can result in data breaches, compromised database performance, or unauthorized control over the monitored databases.
The PMM Installation Wizard module works by sending HTTP requests to specific paths on the target system. It then applies matching conditions to determine if the installation process is vulnerable or misconfigured.
For example, one of the HTTP requests sent by this module is a GET request to the path "/password-page/ovf/account-credentials-ovf". The module checks if the response body contains the phrase "PMM Installation Wizard", the response header includes "text/html", and the response status is 200 (OK).
If all the matching conditions are met, the module reports a vulnerability or misconfiguration related to the PMM installation process.
Note: The above description provides an overview of the module's purpose, impact, and how it works. For more technical details and the actual JSON definitions, please refer to the module's documentation.