diff --git a/misconfiguration/glowroot-anonymous-access.yaml b/misconfiguration/glowroot-anonymous-access.yaml
new file mode 100644
index 0000000000..93fc17a379
--- /dev/null
+++ b/misconfiguration/glowroot-anonymous-access.yaml
@@ -0,0 +1,23 @@
+id: glowroot-anonymous-access
+info:
+  name: Glowroot Anonymous User
+  author: pussycat0x
+  severity: high
+  description: Anonymous user access allows to understand the host internals
+  reference: https://www.shodan.io/search?query=http.title%3A%22Glowroot%22
+  tags: misconfig, unauth
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/error/messages?transaction-type=Web'
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "defaultTransactionType"
+          - "slowThresholdMillis"
+          - "60000"
+          - "Transactions"
+      - type: status
+        status:
+          - 200
\ No newline at end of file
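Review bot: The word matcher has no `condition` key, so the four strings are matched with the default any-of semantics, and a 200 response that merely contains "Transactions" or "60000" (both plausible on unrelated pages) will be reported as an exposed Glowroot instance; `matchers-condition: and` only ties the word matcher to the status matcher, it does not require all words. Add `condition: and` under the word matcher, e.g. `- type: word` / `  condition: and` / `  words:`, so a hit requires the Glowroot-specific keys together with the generic ones. The `reference` entry is a Shodan search rather than documentation of the setting being checked; a link to the relevant Glowroot authentication/admin documentation would help a reader confirm the finding and the remediation (a placeholder could be `reference: <GLOWROOT_AUTH_DOCS_URL>` until one is chosen). The description wording `allows to understand the host internals` would read better as `allows an unauthenticated user to read the host's internal configuration and transaction data`, which also states the actual impact the matcher demonstrates.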