Wazuh Dashboard - Information Discoluser

2024.03.30

parsa rezaie khiabanloo (DE)

Risk: High

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Wazuh Dashboard - Information Discoluser
# Date: 3/30/2024
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: Wazuh (https://wazuh.com/)
# Version: 4.4.2
# Tested on: Linux/Windows Firefox

Step 1 : open the inspect element and go to the network tab

Step 2 : login to your account on your dashboard

as you see we can what requests we are sending

Step 3 : attacker on network tab must set XHR  see the requests each of them giving the good information to attacker but in response

Step 4 : in configuration file and in the response you can see the username of wazuh dashboard and the wazuh manager for example

statusCode	200
error	0
data	Object { hosts: […] }
hosts	[ {…} ]
0	Object { default: {…} }
default	Object { url: "https://192.168.113.50", port: 55000, username: "wazuh-wui", … }
url	"https://192.168.113.50"
port	55000
username	"wazuh-wui"
password	"*****"
run_as	false

Step 5 : attacker found  the master server ip and the username of the api

Step 6 : attacker can scan the server with nessus and find the vulnerability of the server or bruteforce the server to gain accsess

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wazuh Dashboard - Information Discoluser

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.