id: jmx-default-login

info:
  name: JBoss JMX Console Weak Credential Discovery
  author: paradessia
  severity: high
  description: JBoss JMX Console default login information was discovered.
  reference:
    - https://docs.jboss.org/jbossas/6/Admin_Console_Guide/en-US/html/Administration_Console_User_Guide-Accessing_the_Console.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  tags: jboss,jmx,default-login

requests:
  - raw:
      - |
        GET /jmx-console/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(user + ':' + pass)}}

    attack: clusterbomb
    payloads:
      user:
        - admin
        - root
      pass:
        - admin
        - 12345
        - 123456
        - 1234
        - 123456789
        - 123qwe
        - root

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - 'JMImplementation'

# Enhanced by mp on 2022/03/10