SoftEther VPN Admin Console - Default Login

ID: softether-vpn-default-login

Severity: high

Author: bhutch

Tags: misconfig,vpn,softether,default-login

Description

The administrative password for the SoftEther VPN Server is blank.

YAML Source

id: softether-vpn-default-login

info:
  name: SoftEther VPN Admin Console - Default Login
  author: bhutch
  severity: high
  description: |
    The administrative password for the SoftEther VPN Server is blank.
  reference:
    - https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration#Administration_Authority_for_the_Entire_SoftEther_VPN_Server
  classification:
    cpe: cpe:2.3:a:softether:vpn:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: softether
    product: vpn
    shodan-query: title:"SoftEther VPN Server"
  tags: misconfig,vpn,softether,default-login

http:
  - raw:
      - |
        GET /admin/default/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    attack: pitchfork
    payloads:
      username:
        - administrator
      password:
        - null

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Create new Virtual Hub'
          - 'Toggle navigation'
        condition: and

      - type: status
        status:
          - 200
# digest: 490a004630440220797bd03e21b0766ff7406ea6c52caa9f2d45403c10e103be4f9a4ca5fb2ff8b702204cfdb95fa33355b18fd68e4875b5e24ef1fe69e9aed989acdcc99b2162d42f9b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/softether/softether-vpn-default-login.yaml"

View on Github