TerraMaster TOS User Enumeration Vulnerability CVE-2020-28185
Vulnerability description
TerraMaster TOS contains a user enumeration vulnerability. Users in the system can be enumerated through the username parameter of the wizard/initialise.php page, which also leaks their email information.
Affected versions
TerraMaster TOS < 4.2.06
Network asset search query
"TerraMaster" && header="TOS"
Vulnerability reproduction
The vulnerable point is the user-existence check performed during password recovery.
Enter the username admin, click OK, and view the request captured by Burp.
A request is sent to confirm whether the user admin exists.
If the user exists, the response returns the user's email information.
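For defenders, repeated existence checks against wizard/initialise.php from one client are the observable trace of this enumeration. The following detector is an added example, not part of the original post or of TerraMaster's code. It assumes a reverse proxy writing combined-format access logs in time order; the threshold, window and sample log lines (including the POST method) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: nginx/Apache "combined" access log format in front of TOS.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
ENDPOINT = "/wizard/initialise.php"  # page named in the advisory


def find_enumeration_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak number of requests to ENDPOINT inside one window}
    for every client that reached `threshold` (threshold/window are assumed values)."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if not path.endswith(ENDPOINT):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged


def sample_line(ip, second, target):
    # Constructed log line; IPs are from the documentation ranges.
    return (f'{ip} - - [10/Jan/2021:10:00:{second:02d} +0000] '
            f'"POST {target} HTTP/1.1" 200 64 "-" "-"')


SAMPLE_LOG = (
    [sample_line("203.0.113.7", s, "/wizard/initialise.php") for s in range(0, 16, 2)]
    + [sample_line("198.51.100.4", 5, "/wizard/initialise.php")]
    + [sample_line("198.51.100.4", 9, "/index.html")]
    + ["garbage line"]
)

if __name__ == "__main__":
    for ip, n in find_enumeration_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests to {ENDPOINT} within 60s")
```

A single legitimate password recovery produces one request, so the second client in the sample is not flagged; tune the threshold to the device's normal usage.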
This post is licensed under CC BY 4.0 by the author.