VMware Horizon Login Panel - Detect

What is the "VMware Horizon Login Panel - Detect?"

The "VMware Horizon Login Panel - Detect" module is designed to detect the presence of the VMware Horizon login panel. VMware Horizon is a virtual desktop infrastructure (VDI) solution that allows users to access their desktops and applications remotely. This module focuses on identifying the login panel specifically.

This module has an informative severity level, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: dhiyaneshDK, pdteam

Impact

This module does not have a direct impact on the system. It is purely a detection module and does not perform any actions beyond identifying the presence of the VMware Horizon login panel.

How does the module work?

The module works by sending an HTTP GET request to the "/portal/webclient/index.html" path. It then applies matching conditions to the response body to determine if the VMware Horizon login panel is present.

The matching conditions used in this module are:

- Condition 1: The response body must contain the phrase "Missing route token in request" or "VMware Horizon".

If both conditions are met, the module considers the VMware Horizon login panel to be detected.

Example HTTP request:

GET /portal/webclient/index.html

For more information, refer to the VMware Horizon login panel exploit database entry.

Metadata: max-request: 2