Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The SFTP Config File Disclosure module is a security module designed to detect misconfigurations in SFTP (Secure File Transfer Protocol) configurations. It focuses on identifying instances where sensitive information, such as host, user, password, and remote path, is exposed in the SFTP configuration file.
This module is created by an unknown author and has a severity level of high.
A misconfigured SFTP configuration file can lead to unauthorized access to sensitive data and potential security breaches. Exposing critical information like host, user, password, and remote path can provide attackers with the necessary credentials to gain unauthorized access to the SFTP server and potentially compromise the entire system.
The SFTP Config File Disclosure module works by sending an HTTP GET request to the "/sftp-config.json" path. It then applies two matching conditions to determine if a misconfiguration is present:
If both conditions are met, the module reports a vulnerability, indicating that the SFTP configuration file is exposed and potentially misconfigured.