id: avatier-password-management info: name: Avatier Password Management Panel author: praetorian-thendrickson,iamthefrogy,dhiyaneshDK severity: info description: An Avatier password management panel was detected. reference: - https://www.exploit-db.com/ghdb/6576 - https://www.avatier.com/products/identity-management/password-management/ classification: cwe-id: CWE-200 metadata: shodan-query: http.favicon.hash:983734701 tags: panel,avatier,aims requests: - method: GET path: - '{{BaseURL}}/aims/ps/' redirects: true max-redirects: 2 matchers-condition: or matchers: - type: word words: - 'LabelWelcomeToPS' - 'Avatier Corporation' - 'Welcome to Password Management' condition: or - type: word words: - 'Password Management Client' # Enhanced by mp on 2022/03/20