VerneMQ Status Page

By kannthu

Low
Vidoc Module
#misconfig #vernemq #status
Description

What is the "VerneMQ Status Page"?

The "VerneMQ Status Page" module is designed to detect misconfigurations in the VerneMQ messaging broker. VerneMQ is an open-source MQTT broker that allows for scalable and reliable messaging between devices and applications. This module focuses on scanning the VerneMQ status page to identify any potential issues or vulnerabilities.

This module has a low severity level, indicating that any detected misconfigurations may have a minimal impact on the overall security of the system.

This module was authored by geeknik.

Impact

If misconfigurations are detected by this module, it could potentially lead to security vulnerabilities in the VerneMQ messaging broker. These vulnerabilities may allow unauthorized access, data leakage, or other security breaches.

How does the module work?

The "VerneMQ Status Page" module sends a GET request to the "/status" endpoint of the VerneMQ broker. It then applies matching conditions to the response to determine if any misconfigurations are present.

The matching conditions for this module include:

- Checking for specific words in the response body, such as "VerneMQ," "Issues," "Cluster Overview," and "Node Status."
- Verifying that the HTTP response status code is 200.

If both matching conditions are met, the module will report a potential misconfiguration in the VerneMQ messaging broker.

Example HTTP request:

GET /status
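
The request and the two matchers described above, written as an added example for auditing a broker you operate (this is not Vidoc's or the module author's code). It assumes all four listed words must be present; the function names, `SAMPLE_BODY` and the `fetch` parameter are hypothetical.

```python
"""Added example: the module's GET /status check with its word and status matchers."""
from __future__ import annotations
import urllib.error
import urllib.request

# Words listed on this page; requiring all four at once is an assumption.
STATUS_WORDS = ("VerneMQ", "Issues", "Cluster Overview", "Node Status")

# Constructed sample body for offline checks, not real VerneMQ markup.
SAMPLE_BODY = ("<html><title>VerneMQ Status</title><h2>Issues</h2>"
               "<h2>Cluster Overview</h2><h2>Node Status</h2></html>")


def matches_status_page(status: int, body: str) -> bool:
    """True when both matchers hold: HTTP 200 and every word is in the body."""
    return status == 200 and all(word in body for word in STATUS_WORDS)


def fetch_status(base_url: str, timeout: float = 5.0) -> tuple[int, str]:
    """Send the single GET /status request and return (status_code, body)."""
    url = base_url.rstrip("/") + "/status"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # 401/403/404 are raised as exceptions but are still a valid answer.
        return err.code, err.read().decode("utf-8", errors="replace")


def audit(base_url: str, fetch=fetch_status) -> str:
    """Classify one broker as 'exposed', 'not-exposed' or 'unreachable'."""
    try:
        status, body = fetch(base_url)
    except OSError:  # URLError, timeouts and refused connections
        return "unreachable"
    return "exposed" if matches_status_page(status, body) else "not-exposed"


if __name__ == "__main__":
    import sys
    # Usage: python audit_vernemq.py http://broker.internal:8888 ...
    for target in sys.argv[1:]:
        print(target, audit(target))
```

A result of "exposed" means the status page answered without authentication from wherever the script ran, so run it from the network segment you want to rule out.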

For more information about VerneMQ, you can refer to the official GitHub repository.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /status
Matching conditions
word: VerneMQ, Issues, Cluster Overview, Node ...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability