nuclei-templates/http/exposures/configs/keycloak-openid-config.yaml

38 lines
1.1 KiB
YAML
Raw Normal View History

2021-07-14 12:08:01 +00:00
id: keycloak-openid-config
info:
2023-02-11 04:59:55 +00:00
name: Keycloak OpenID Configuration - Detect
2021-07-14 12:08:01 +00:00
author: rodnt
severity: info
description: Keycloak Openid configuration information was detected.
reference:
- https://issues.jboss.org/browse/KEYCLOAK-571
classification:
2023-03-03 15:27:54 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
2023-10-14 11:27:55 +00:00
cvss-score: 0
cwe-id: CWE-200
metadata:
max-request: 2
2023-10-14 11:27:55 +00:00
tags: keycloak,config,exposure
2021-07-14 12:08:01 +00:00
http:
2021-07-14 12:08:01 +00:00
- method: GET
path:
- "{{BaseURL}}/.well-known/openid-configuration"
2021-07-14 12:54:26 +00:00
- "{{BaseURL}}/auth/realms/master/.well-known/openid-configuration"
2021-07-14 12:08:01 +00:00
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'issuer'
- 'authorization_endpoint'
- 'token_endpoint'
- 'userinfo_endpoint'
- 'jwks_uri'
condition: and
# digest: 4a0a0047304502202046a594d193d1917e5a438527f36b33ee7230c0f035de7c5019809cfa9b2113022100fd74ed3389f1df0bc3eb27dfb579eb6e2d0ed29f38bdb8e69c2de1bcb11523c9:922c64590222798bb761d5b6d8e72950