Sophos Firewall Login Panel - Detect

What is the "Sophos Firewall Login Panel - Detect?"

The "Sophos Firewall Login Panel - Detect" module is designed to detect the presence of the Sophos Firewall login panel. It targets the Sophos Firewall software and helps identify potential misconfigurations or vulnerabilities. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by organiccrap and daffainfo.

Impact

The detection of the Sophos Firewall login panel does not directly indicate any impact or risk. However, it can be an important step in assessing the security posture of a network protected by Sophos Firewall. By identifying the login panel, administrators can ensure proper configuration and take necessary actions to mitigate any potential vulnerabilities.

How does the module work?

The "Sophos Firewall Login Panel - Detect" module operates by sending HTTP requests to specific paths associated with the Sophos Firewall login panel. It uses matching conditions to determine if the login panel is present.

One example of an HTTP request sent by this module is:

GET /webconsole/webpages/login.jsp

The module uses two matching conditions:

- The first condition checks if the response body contains the words "<title>Sophos</title>" or "uiLangToHTMLLangAttributeValueMapping". - The second condition verifies that the HTTP response status is 200 (OK).

Both conditions must be met for the module to detect the Sophos Firewall login panel.

It is important to note that this module is part of the Vidoc platform, which utilizes multiple modules to perform scanning and testing. Each module represents a specific test case.