Unauthenticated Axyom Network Manager

By kannthu

High
Vidoc Module
#misconfig #axyom #exposure #unauth
Description

This module, named "Unauthenticated Axyom Network Manager," detects a misconfiguration in the Axyom Network Manager software, which is used for managing network configurations and settings. It identifies instances where the Axyom Network Manager is accessible without authentication, which poses a high severity risk.

Impact

If the Axyom Network Manager is left unauthenticated, it can expose sensitive network configurations and settings to unauthorized individuals. This can lead to unauthorized access, data breaches, and potential network vulnerabilities.

How the module works

The module works by sending an HTTP GET request to the "/home" path of the target. It then applies matching conditions to determine if the Axyom Network Manager is present in the response body and if the response status is 200 (OK). If both conditions are met, the module flags the target as vulnerable to the misconfiguration.

Example HTTP request:

GET /home

The module uses the following matching conditions:

- The response body must contain the phrase "Axyom Network Manager".
- The response status must be 200 (OK).

If these conditions are met, the module reports the vulnerability, indicating that the Axyom Network Manager is accessible without authentication.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /home
Matching conditions
word: Axyom Network Manager
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability