You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: "Tests for MS Exchnage Admin Center exposure"
author: "r3dg33k"
tags: "msexchange", "ecp", "admin-panel"
run for each:
# you could add more values to this list to make the check repeat
potential_path = "/ecp"
given host then
send request called check:
method: "GET"
path: {potential_path}
if "Object moved" in {check.response.body} and
{check.response.status_code} is "302" then
report issue:
severity: low
confidence: certain
detail: `Microsoft Exchange Admin Center Login Page found at {potential_path}.`
remediation: "Block access to the EAC based on IP Address. https://social.technet.microsoft.com/wiki/contents/articles/52076.exchange-2016-restrict-access-to-the-eac-in-iis.aspx"