From 7b7b375de1ef72ce83c4b2fd6f91cb4a7abe477e Mon Sep 17 00:00:00 2001
From: JP <jp@sprocket.tailbecf.ts.net>
Date: Mon, 4 Mar 2024 14:09:07 -0600
Subject: [PATCH] Added Lucee Unset Credentials Template

---
 .../other/lucee-unset-credentials.yaml        | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 http/vulnerabilities/other/lucee-unset-credentials.yaml

diff --git a/http/vulnerabilities/other/lucee-unset-credentials.yaml b/http/vulnerabilities/other/lucee-unset-credentials.yaml
new file mode 100644
index 0000000000..94d96ca638
--- /dev/null
+++ b/http/vulnerabilities/other/lucee-unset-credentials.yaml
@@ -0,0 +1,29 @@
+id: lucee-unset-credentials
+
+info:
+  name: Lucee - Unset Credentials
+  author: jpg0mez
+  severity: high
+  description: The Lucee admin panel has a first-time setup page which allows any user to set the administrator password.
+  reference:
+    - https://luceeserver.atlassian.net/browse/LDEV-926
+    - https://www.petefreitag.com/blog/lucee-admin-password-box/
+  classification:
+    cwe-id: CWE-798
+  metadata:
+    max-request: 2
+  tags: lucee,default-login,unauth
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/lucee/admin/web.cfm"
+      - "{{BaseURL}}/lucee/admin/server.cfm"
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        words:
+          - "lucee"
+          - "New Password"
+        part: body
+        condition: and