Unauthenticated Etherpad

What is the "Unauthenticated Etherpad?"

The "Unauthenticated Etherpad" module is designed to detect instances of Etherpad that have a misconfiguration, allowing users to add new notes without authentication. Etherpad is a collaborative online editor that enables multiple users to work on a document simultaneously. This module has a low severity level and was authored by philippedelteil.

Impact

If an Etherpad instance is unauthenticated, it means that anyone can add new notes without needing to provide any credentials. This can lead to unauthorized access and potential misuse of the platform. It is important to ensure that proper authentication measures are in place to protect sensitive information.

How the module works?

The "Unauthenticated Etherpad" module works by sending HTTP requests to the target Etherpad instance and checking for specific conditions. It looks for the presence of certain keywords, such as "index.createOpenPad" and "index.newPad," in the body of the response. Additionally, it verifies that the HTTP status code is 200, indicating a successful request.

By matching these conditions, the module can identify instances of Etherpad that allow unauthenticated access to create new notes. This information can then be used to address the misconfiguration and enhance the security of the Etherpad installation.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner

The module's matching conditions are:

- The body of the response must contain the keywords "index.createOpenPad" and "index.newPad". - The HTTP status code must be 200.

When these conditions are met, the module will flag the Etherpad instance as having an unauthenticated access vulnerability.