Ethical Hacking Automation

Automate the recon and scanning process with Vidoc. All security teams in one place.

Unauthenticated LDAP Account Manager

By kannthu

Medium
Vidoc Module
#ldap #misconfig #unauth
Description

What is the "Unauthenticated LDAP Account Manager" module?

The "Unauthenticated LDAP Account Manager" module is designed to detect a misconfiguration in LDAP Account Manager (LAM) software: instances whose profile-management interface is reachable without authentication. This module has a medium severity level and was authored by tess.

Impact

If a misconfigured instance of LDAP Account Manager is detected, it could expose sensitive configuration and user information or allow unauthorized access to the profile-management interface. This could lead to unauthorized modification of profiles or unauthorized access to user data.

How does the module work?

The "Unauthenticated LDAP Account Manager" module works by sending an HTTP GET request to the "/templates/config/profmanage.php" path. It then applies a series of matching conditions to determine whether the target is vulnerable. The conditions are combined with AND: the response body must contain each of the words "LDAP Account Manager", "Profile management" and "Add profile"; the response must be served as "text/html"; and the status code must be 200.

Only a response that satisfies all of these conditions is treated as a match: an authenticated instance typically answers with a redirect to a login page or with a page that lacks the "Add profile" control, so it does not trip the matcher.
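As an added illustration (not Vidoc's own code), the Python below evaluates the matching conditions described above against constructed HTTP responses. It assumes the "text/html" condition is a check on the Content-Type header, and the sample responses are constructed for the example, not captured from any real host.

```python
"""Evaluate the module's AND-combined matching conditions offline.

Added example; the response samples below are constructed, not real captures.
"""
from typing import Mapping

# Conditions as described on the page: every word must appear in the body,
# the response must be text/html, and the status must be 200.
REQUIRED_WORDS = ("LDAP Account Manager", "Profile management", "Add profile")
REQUIRED_CONTENT_TYPE = "text/html"
REQUIRED_STATUS = 200


def body_matches(body: str) -> bool:
    """AND word matcher: all required phrases must be present (case-sensitive)."""
    return all(word in body for word in REQUIRED_WORDS)


def content_type_matches(headers: Mapping[str, str]) -> bool:
    """Header names are case-insensitive; the value may carry a charset suffix."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.lower().startswith(REQUIRED_CONTENT_TYPE)
    return False


def is_unauthenticated_lam(status: int, headers: Mapping[str, str], body: str) -> bool:
    """True only when every condition holds, mirroring the module's 'and' chain."""
    return status == REQUIRED_STATUS and content_type_matches(headers) and body_matches(body)


# Constructed sample responses to profmanage.php (not real captures).
EXPOSED = (200, {"Content-Type": "text/html; charset=utf-8"},
           "<title>LDAP Account Manager</title><h1>Profile management</h1>"
           "<button>Add profile</button>")
LOGIN_REDIRECT = (302, {"Location": "/templates/login.php", "Content-Type": "text/html"}, "")
LOGIN_PAGE = (200, {"content-type": "text/html"},
              "<title>LDAP Account Manager</title><form>Profile management login</form>")
JSON_API = (200, {"Content-Type": "application/json"},
            '{"app": "LDAP Account Manager", "Profile management": 1, "Add profile": 1}')


def triage_samples() -> dict:
    """Run the matcher over the constructed samples; only EXPOSED should match."""
    samples = {"exposed": EXPOSED, "login_redirect": LOGIN_REDIRECT,
               "login_page": LOGIN_PAGE, "json_api": JSON_API}
    return {name: is_unauthenticated_lam(*resp) for name, resp in samples.items()}
```

The JSON sample shows why the content-type condition matters: the three words alone would match a non-HTML response that is not the profile-management UI.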

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/templates/config/pr...
Matching conditions
word: LDAP Account Manager, Profile management... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability