Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration

2021.12.17

Credit: Daniel Morales

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2021-44848

CWE: CWE-287

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

# Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration
# Date: 13/12/2021
# Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed
# Vendor Homepage: https://www.cybelesoft.com
# Software Link: https://www.cybelesoft.com/thinfinity/virtualui/
# Version: vulnerable < v3.0
# Tested on: Microsoft Windows
# CVE: CVE-2021-44848

How it works: By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest...
Payload: The vulnerable vector is "https://example.com/changePassword?username=USERNAME" where "USERNAME" need to be brute-forced.
Reference: https://github.com/cybelesoft/virtualui/issues/1

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.