Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WatchGuard Fireware AD Helper Component - Credentials Disclosure

By kannthu

Critical
Vidoc logoVidoc Module
#watchguard#disclosure#edb
Description
Author: gy741 Classification CWE-ID: CWE-288 CVSS-Metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS-Score: 10 WatchGuard Fireware Threat Detection and Response (TDR) service contains a credential-disclosure vulnerability in the AD Helper component that allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. Reference - https://www.exploit-db.com/exploits/48203 - https://www.watchguard.com/wgrd-blog/tdr-ad-helper-credential-disclosure-vulnerability Metadata max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/rest/domains/list?s...
Matching conditions
word: "fullyQualifiedName", "logonDomain", "us...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability