Proxmox Virtual Environment Login Panel - Detect

What is the "Proxmox Virtual Environment Login Panel - Detect?"

The "Proxmox Virtual Environment Login Panel - Detect" module is designed to detect the presence of the Proxmox Virtual Environment login panel. Proxmox Virtual Environment is an open-source server virtualization management platform that allows users to create and manage virtual machines and containers. This module focuses on identifying the login panel specifically.

The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by lum8rjack.

Impact

This module does not have a direct impact on the system or application being scanned. It simply detects the presence of the Proxmox Virtual Environment login panel, providing information about its existence.

How does the module work?

The module works by sending HTTP requests to the target system and analyzing the responses. It uses two matching conditions to identify the Proxmox Virtual Environment login panel:

- The first matching condition checks the response body for specific words, including "Proxmox Virtual Environment" and "auth_cookie_name: 'PVEAuthCookie'". If either of these words is found, the condition is met. - The second matching condition verifies that the HTTP response status is 200, indicating a successful request.

By combining these matching conditions, the module determines whether the Proxmox Virtual Environment login panel is present on the target system.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com

The module then analyzes the response to determine if it matches the specified conditions.

Classification

CWE-ID: CWE-200

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Reference

- https://www.proxmox.com/

Metadata

max-request: 1

verified: true

shodan-query: http.favicon.hash:21314