CVE-2020-12478
Published: 2020-04-29
CVE-2020-12478: TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
Priority: P2 · 61 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 7.22% (93.5th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| teampass | teampass | — | — |
Detection & IOCs (extracted from sources)
- An HTTP GET request to /files/ldap.debug.txt that receives a 200 response with Content-Type text/plain and a body containing 'Get all LDAP params' indicates successful unauthenticated file retrieval on TeamPass 2.1.27.36.
- The Shodan query 'http.html:"teampass"' and the FOFA query 'body="teampass"' can be used to identify exposed TeamPass instances for proactive detection.
- Caveat: the vulnerable path /files/ldap.debug.txt is only present if LDAP debugging has been enabled and the debug file has been generated; absence of the file does not confirm the instance is patched.
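As an added example (not part of this record, nor TeamPass project code), the first indicator above turned into a check over web-server access logs: it flags successful (200) retrievals of the LDAP debug file or backup-looking files under the web root, and separately lists probes that failed, because per the caveat a 404 does not mean the instance is patched. The combined log format, the sample lines and the backup directory/extension names are assumptions.

```python
import re

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [29/Apr/2020:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [29/Apr/2020:10:00:02 +0000] "GET /files/ldap.debug.txt HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.11 - - [29/Apr/2020:10:00:03 +0000] "GET /files/ldap.debug.txt HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.12 - - [29/Apr/2020:10:00:04 +0000] "GET /backups/teampass.sql HTTP/1.1" 200 90210 "-" "python-requests/2.23"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths the advisory names as exposed: the LDAP debug file, plus backup-looking files
# under the web root. The backup directory names and extensions are an assumption.
SENSITIVE_PATHS = [
    re.compile(r'^/files/ldap\.debug\.txt(\?.*)?$'),
    re.compile(r'^/(files|backups)/[^?]*\.(sql|zip|tar\.gz|bak)(\?.*)?$', re.IGNORECASE),
]


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_exposures(log_text):
    """Split GETs of sensitive paths into successful retrievals (200) and failed probes.

    A 200 is evidence of unauthenticated file retrieval. A non-200 is still recorded as
    reconnaissance: the debug file only exists once LDAP debugging has been enabled, so a
    404 says nothing about whether the instance is patched.
    """
    retrieved, probed = [], []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "GET":
            continue
        if not any(p.match(rec["path"]) for p in SENSITIVE_PATHS):
            continue
        hit = {"ip": rec["ip"], "path": rec["path"], "status": rec["status"], "ts": rec["ts"]}
        (retrieved if rec["status"] == 200 else probed).append(hit)
    return {"retrieved": retrieved, "probed": probed}
```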
CVSS provenance
NVD v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
NVD v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
OSV (osv · 2022-05-24)
CVE-2020-12478 [HIGH] TeamPass files are available without authentication
GHSA (ghsa · 2022-05-24)
CVE-2020-12478 [HIGH] CWE-306 TeamPass files are available without authentication
No detection rules found.
Nuclei (nuclei · CVSS 7.5)
CVE-2020-12478 [HIGH] TeamPass 2.1.27.36 - Improper Authentication
TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template (as indexed; the text is cut off in the source):

```yaml
id: CVE-2020-12478
info:
  name: TeamPass 2.1.27.36 - Improper Authentication
  author: arafatansari
  severity: high
  description: |
    TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can bypass authentication and gain unauthori
```
No writeups or analysis indexed.