GLPI Detection Scanner

GLPI, or Gestionnaire Libre de Parc Informatique, is a widely-used asset management and service desk software. It is commonly implemented by IT departments and organizations to manage IT assets, track incidents, and streamline support processes. The software allows for comprehensive tracking of company resources and is used across various industries including education, healthcare, and corporate sectors. GLPI supports integration with multiple authentication systems, including LDAP and local identities. Its robust features make it an ideal tool for managing inventory, contracts, and documenting IT workflows. The flexibility and scalability of GLPI cater to the needs of both small businesses and large enterprises.

The technology detection functionality in the scanner identifies the presence of GLPI within a network or digital asset. It focuses on detecting distinct indicators and signatures unique to GLPI installations. Being informed about installed technologies helps organizations assess their digital landscape and associated risks. By knowing what technologies are present, companies can prioritize their security efforts and compliance activities. Accurately identifying GLPI installations is crucial for managing associated vulnerabilities and ensuring the technology is used securely. This detection process helps to uncover unauthorized or outdated installations of GLPI.

The detection mechanism leverages specific HTTP word matchers that recognize characteristic phrases such as "GLPI_DB_OK", "GLPI_SESSION_DIR_OK", and "GLPI_OK" within the status page. It also checks for a successful HTTP 200 status code response when accessing the "status.php" endpoint. This endpoint is unique to GLPI and reveals important information regarding its configuration and operational status. Identifying these indicators allows the scanner to confirm the presence of GLPI without directly interacting with user credentials or sensitive data. This passive detection method reduces the risk of triggering security defenses or causing disruptions in service.

If the GLPI status page is publicly accessible, it may inadvertently expose sensitive configuration details to potential attackers. Visible status pages can lead to information leakage, providing adversaries with insights into the infrastructure and system health. Knowledgeable attackers can exploit this information to craft targeted attacks or gain unauthorized access to backend resources. Unauthorized exposure of the status page might also reveal internal directory paths or database connectivity statuses, potentially aiding in further exploitation. Ensuring such endpoints are appropriately secured and concealed can mitigate the risk posed by inadvertent information disclosure.

REFERENCES

• https://buildmedia.readthedocs.org/media/pdf/glpi-user-documentation/latest/glpi-user-documentation.pdf