By kannthu
The "Unauthenticated LDAP Account Manager" module is designed to detect misconfigurations in LDAP Account Manager software. It targets instances of the software that are accessible without authentication. This module has a medium severity level and was authored by tess.
A misconfigured instance of LDAP Account Manager could expose sensitive information or allow unauthorized access to user profiles. This could lead to unauthorized modification of, or access to, user data.
The "Unauthenticated LDAP Account Manager" module works by sending an HTTP GET request to the "/templates/config/profmanage.php" path. It then applies a series of matching conditions to the response to determine whether the target is vulnerable. The conditions check the response body for specific words, such as "LDAP Account Manager," "Profile management," and "Add profile," check that the response headers contain "text/html," and check for a 200 status code.
By analyzing the response in this way, the module identifies instances of LDAP Account Manager that are accessible without authentication and are therefore potentially misconfigured.
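The matching conditions described above can be reproduced when auditing a deployment you administer. The following is an added example, not the Vidoc module's own code: the function names `is_exposed` and `audit` and the sample responses are constructed for illustration, and it assumes that all three body words must be present together.

```python
import urllib.error
import urllib.request

PATH = "/templates/config/profmanage.php"  # path named in the module description
WORDS = ("LDAP Account Manager", "Profile management", "Add profile")

def is_exposed(status, headers, body):
    """Apply the three matchers; all must hold (AND semantics are assumed)."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (
        status == 200
        and "text/html" in header_blob
        and all(word in body for word in WORDS)
    )

def audit(base_url, timeout=10):
    """Fetch PATH from a deployment you administer and apply the matchers."""
    url = base_url.rstrip("/") + PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return is_exposed(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError:
        return False  # 401/403/404 etc.: the page is not served anonymously

# Constructed sample responses (not captured from a real server).
EXPOSED = (200, {"Content-Type": "text/html; charset=UTF-8"},
           "<title>LDAP Account Manager</title><h1>Profile management</h1>"
           "<button>Add profile</button>")
# A login page shares the product name but not the profile-editor strings.
LOGIN = (200, {"Content-Type": "text/html"},
         "<title>LDAP Account Manager</title><form>Password</form>")
MISSING = (404, {"Content-Type": "text/html"}, "Not Found")

def classify_samples():
    """Return the verdict for each constructed response, in order."""
    return [is_exposed(*sample) for sample in (EXPOSED, LOGIN, MISSING)]

if __name__ == "__main__":
    print(classify_samples())
```

Requiring the profile-editor strings in addition to the product name is what keeps an ordinary login page, which also returns 200 and "text/html", from being reported as exposed.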