Update aem-login-status.yaml

2022-03-12 14:26:52 +05:30 · 2022-03-12 14:26:52 +05:30 · 8301e80261
parent e910091f08
commit 8301e80261
1 changed files with 1 additions and 0 deletions
--- a/misconfiguration/aem/aem-login-status.yaml
+++ b/misconfiguration/aem/aem-login-status.yaml
@ -4,6 +4,7 @@ info:
  author: DhiyaneshDk
  name: AEM Login Status
  severity: info
+  description: LoginStatusServlet is exposed, it allows to bruteforce credentials.
  reference:
    - https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
    - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/LoginStatusServletExposed.java