Msmtp - Config Exposure
Msmtp configuration was discovered.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API endpoint to be tested. In this case, the filters include the response code range (between 200 and 299) and the extraction of the URL from the response to be used in the subsequent request.
The execute section defines the type of request to be executed. In this template, it is set to "single," indicating that a single request will be made. The request is modified using the "modify_url" parameter, which appends "/.msmtprc" to the extracted URL.
The validation section specifies the conditions that the response should meet to be considered valid. It checks for a response code of 200, and the response payload should contain specific keywords related to the Msmtp configuration file. Additionally, the response headers should contain either "text/plain" or "octet-stream" values.
Frequently asked questions
What is the Msmtp Config Exposure vulnerability and how does it occur
How can the exposure of Msmtp configuration files impact email account security
What category and severity level does the Msmtp Config Exposure vulnerability fall under
What are the specific requirements for a valid response to this test
What modifications are made to the URL during the execution of this test
Are there any references or external resources available for further information on Msmtp