The Anteon Dashboard was found to be accessible via the /dashboard endpoint without authentication. This exposure may allow unauthorized users to gain insights into internal services, configurations, or sensitive operational data, depending on the permissions and features enabled on the dashboard.
PoC code [public]
id: anteon-dashboard-unauth
info:
  name: Anteon Dashboard - Unauthenticated
  author: DhiyaneshDk
  severity: medium
  description: |
    The Anteon Dashboard was found to be accessible via the /dashboard endpoint without authentication.This exposure may allow unauthorized users to gain insights into internal services, configurations, or sensitive operational data depending on the permissions and features enabled on the dashboard.
  impact: |
    Unauthorized access to the dashboard can lead to information disclosure, configuration leaks, or even administrative control depending on the level of access the endpoint provides.
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="Anteon:"
  tags: anteon,misconfig,dashboard,unauth,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/dashboard"
    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'Anteon','Monitoring Solution')"
          - "status_code == 200"
        condition: and
# digest: 4b0a00483046022100e01a7a532cdf5327cf358bdbe73f77133ff67f3da632392cd26ea5a38b46a330022100ef248bb2705c7da5fac6cb8b6f0b13e16bd465470abef5a36b8f9c2d7d89d5f3:922c64590222798bb761d5b6d8e72950