id: aem-userinfo-servlet info: name: AEM UserInfo Servlet Credentials Exposure author: DhiyaneshDk severity: info description: "Adobe Experience Manager UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node." tags: aem,bruteforce requests: - method: GET path: - '{{BaseURL}}/libs/cq/security/userinfo.json' matchers-condition: and matchers: - type: status status: - 200 - type: word part: body words: - '"userID":' - '"userName":' condition: and - type: word part: header words: - 'application/json' # Enhanced by mp on 2022/04/05