id: teamcity-registration-enabled info: name: JetBrains TeamCity - Registration Enabled author: Ph33r severity: high description: | JetBrains TeamCity allows all visitors to register due to a misconfiguration. reference: - https://ph33r.medium.com/misconfig-in-teamcity-panel-lead-to-auth-bypass-in-apache-org-0day-146f6a1a4e2b classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 7.3 cwe-id: CWE-200 metadata: verified: true max-request: 1 shodan-query: http.component:"TeamCity" tags: misconfig,auth-bypass,teamcity,jetbrains,intrusive http: - raw: - | GET /registerUser.html?init=1 HTTP/1.1 Host: {{Hostname}} host-redirects: true max-redirects: 2 matchers: - type: word words: - 'Register a New User Account ? TeamCity' # digest: 490a004630440220789c6222608425cef454e0eeb60db6b26b80842d8d33d44723843340f62b0c8f02200bb1820ba487e43275ecf8574eb20025fcc5e9b8096dbc155732c046ddcc691e:922c64590222798bb761d5b6d8e72950