id: aem-userinfo-servlet
info:
author: DhiyaneshDk
name: AEM UserInfo Servlet
severity: info
description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
tags: aem,bruteforce
requests:
- method: GET
path:
- '{{BaseURL}}/libs/cq/security/userinfo.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '"userID":'
- '"userName":'
condition: and
part: header
- 'application/json'