JetBrains TeamCity - Guest User Access Enabled

By kannthu

High
Vidoc Module
#misconfig#teamcity#jetbrains
Description

What is "JetBrains TeamCity - Guest User Access Enabled"?

The "JetBrains TeamCity - Guest User Access Enabled" module is designed to detect a misconfiguration in the JetBrains TeamCity software. TeamCity is a continuous integration and build management system that allows developers to automate the process of building, testing, and deploying their software projects. This module focuses on the guest user access feature of TeamCity, which allows anonymous users to access the TeamCity user interface.

This module has a high severity level, indicating that the misconfiguration can potentially lead to unauthorized access and compromise of sensitive information.

Author: Ph33r

Impact

The misconfiguration detected by this module can have significant consequences for the security of the TeamCity instance. Enabling guest user access without proper restrictions can expose sensitive project information, such as source code, build configurations, and build logs, to unauthorized individuals. This can lead to intellectual property theft, unauthorized code execution, and other security breaches.

How does the module work?

The "JetBrains TeamCity - Guest User Access Enabled" module works by sending an HTTP request to the TeamCity instance and analyzing the response. The module checks for two specific conditions:

- The response headers contain both the string "Location: /overview.html" and the string "TCSESSIONID=".
- The HTTP response status code is 302 (Found).

If both conditions are met, the module considers the guest user access feature to be enabled and reports it as a misconfiguration.

Example HTTP request:

GET /guestLogin.html?guest=1 HTTP/1.1
Host: <Hostname>

The module sends this request to the TeamCity instance, replacing <Hostname> with the actual hostname of the target system.

The module then evaluates the response based on the defined matching conditions to determine if the guest user access feature is enabled.
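The matching logic described above, written out as an added Python example (this is not the Vidoc module's own code, and the sample responses are constructed; the /login.html redirect in the disabled case is an assumption used only for contrast):

```python
"""Evaluate a TeamCity guest-login response against the module's matching
conditions: status 302 AND "Location: /overview.html" AND "TCSESSIONID="
present in the response headers. Useful for checking your own instance."""
import re

GUEST_LOGIN_PATH = "/guestLogin.html?guest=1"
REQUIRED_WORDS = ("Location: /overview.html", "TCSESSIONID=")
REQUIRED_STATUS = 302


def parse_response(raw: str) -> tuple:
    """Split a raw HTTP/1.1 response into (status code, header block).
    Only the status line and headers are examined; the body is ignored."""
    head, _, _body = raw.partition("\r\n\r\n")
    status_line, _, headers = head.partition("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", status_line)
    if not m:
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(m.group(1)), headers


def guest_access_enabled(raw: str) -> bool:
    """Apply the module's AND-ed conditions: every required word must appear
    in the header block and the status code must be exactly 302."""
    status, headers = parse_response(raw)
    words_present = all(word in headers for word in REQUIRED_WORDS)
    return words_present and status == REQUIRED_STATUS


# Constructed sample: a server with guest login enabled redirects to the
# overview page and hands out a session cookie.
ENABLED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /overview.html\r\n"
    "Set-Cookie: TCSESSIONID=example0123456789; Path=/; HttpOnly\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Constructed sample (assumed behaviour): guest login disabled, the server
# redirects to the login page and no session cookie is issued.
DISABLED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /login.html\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for label, resp in (("enabled", ENABLED_RESPONSE), ("disabled", DISABLED_RESPONSE)):
        print(label, "->", "misconfiguration" if guest_access_enabled(resp) else "no match")
```

Because the conditions are AND-ed, a 302 to /overview.html without a TCSESSIONID cookie, or the right headers on a non-302 status, does not count as a match.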

Reference

- https://ph33r.medium.com/misconfig-in-teamcity

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: Location: /overview.html, TCSESSIONID= (condition: and)
status: 302
Passive global matcher
No matching conditions.
On match action
Report vulnerability