WSO2 Management Console Login Panel - Detect

What is the "WSO2 Management Console Login Panel - Detect?"

The "WSO2 Management Console Login Panel - Detect" module is designed to detect the presence of the WSO2 Management Console login panel. WSO2 Management Console is a web-based interface used for managing WSO2 Carbon Server. This module focuses on detecting misconfigurations or vulnerabilities related to the login panel.

This module has an informative severity level, which means it provides valuable information without indicating a critical security issue.

Impact

This module does not directly impact the system. Instead, it helps identify potential security weaknesses or misconfigurations in the WSO2 Management Console login panel. By detecting these issues, system administrators can take appropriate actions to secure the login panel and prevent unauthorized access.

How the module works?

The "WSO2 Management Console Login Panel - Detect" module works by sending an HTTP GET request to the "/carbon/admin/login.jsp" path of the target system. It then applies two matching conditions to determine if the WSO2 Management Console login panel is present:

- The response should contain either the "" or "WSO2 Carbon Server" keywords. This indicates that the login panel is present. - The HTTP response status code should be 200, indicating a successful request. This ensures that the login panel is accessible.

If both matching conditions are met, the module reports a successful detection of the WSO2 Management Console login panel.

For example, the module's HTTP request template would look like this:

GET /carbon/admin/login.jsp

Overall, the "WSO2 Management Console Login Panel - Detect" module helps system administrators identify any misconfigurations or vulnerabilities related to the WSO2 Management Console login panel, allowing them to take appropriate actions to secure the system.