Wazuh Dashboard - Information Disclosure

2024.03.30
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: Wazuh Dashboard - Information Disclosure
# Date: 3/30/2024
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: Wazuh (https://wazuh.com/)
# Version: 4.4.2
# Tested on: Linux/Windows Firefox

Step 1: Open the browser's inspect element (developer tools) and go to the Network tab.
Step 2: Log in to your account on the dashboard. As you can see, the Network tab shows which requests are being sent.
Step 3: In the Network tab, filter on XHR. Each of these requests gives an attacker useful information, but the interesting part is in the response.
Step 4: In the configuration response you can see the username of the Wazuh dashboard and of the Wazuh manager API, for example:

statusCode 200
error 0
data Object { hosts: […] }
hosts [ {…} ]
0 Object { default: {…} }
default Object { url: "https://192.168.113.50", port: 55000, username: "wazuh-wui", … }
url "https://192.168.113.50"
port 55000
username "wazuh-wui"
password "*****"
run_as false

Step 5: The attacker has now found the master server IP and the username of the API.
Step 6: An attacker can scan the server with Nessus to find vulnerabilities of the server, or brute-force the server to gain access.
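The response shape quoted in Step 4 can be audited mechanically, which is the check an administrator wants when deciding how much of the API host configuration a logged-in dashboard session hands to the browser. The JavaScript below is an added example, not code from the advisory or from Wazuh; it takes a copied XHR response body, walks `data.hosts`, and reports which fields are readable in clear and which come back masked (the advisory shows the password as `"*****"`, so an all-asterisk string is treated as masked). The function names and the sample response are assumptions constructed from the values quoted above.

```javascript
// Added example (not from the original advisory or from Wazuh): audit a
// copied Wazuh dashboard XHR response body for API-host details that a
// logged-in browser session can read. The response shape
// {statusCode, error, data: {hosts: [...]}} and the sample values are taken
// from the advisory; the sample object itself is constructed here.

const SENSITIVE_FIELDS = ["url", "port", "username", "password", "run_as"];

// A string made only of '*' characters is treated as a masked value,
// matching the "*****" shown for the password in the advisory.
function isMasked(value) {
  return typeof value === "string" && /^\*+$/.test(value);
}

// Walk data.hosts[*].<alias> and classify each sensitive field.
// Returns { exposed: ["default.url", ...], masked: ["default.password"] }.
function auditHostsResponse(body) {
  const result = { exposed: [], masked: [] };
  const hosts =
    body && body.data && Array.isArray(body.data.hosts) ? body.data.hosts : [];
  for (const hostEntry of hosts) {
    for (const [alias, cfg] of Object.entries(hostEntry)) {
      if (!cfg || typeof cfg !== "object") continue;
      for (const field of SENSITIVE_FIELDS) {
        if (!(field in cfg)) continue;
        const key = `${alias}.${field}`;
        (isMasked(cfg[field]) ? result.masked : result.exposed).push(key);
      }
    }
  }
  return result;
}

// Constructed sample response using the values quoted in the advisory.
const SAMPLE_RESPONSE = {
  statusCode: 200,
  error: 0,
  data: {
    hosts: [
      {
        default: {
          url: "https://192.168.113.50",
          port: 55000,
          username: "wazuh-wui",
          password: "*****",
          run_as: false,
        },
      },
    ],
  },
};

// Usage: replace SAMPLE_RESPONSE with a response body copied from the
// Network tab of your own dashboard session.
const report = auditHostsResponse(SAMPLE_RESPONSE);
console.log("Readable by the browser session:", report.exposed.join(", "));
console.log("Masked in the response:", report.masked.join(", "));
```

Run against the advisory's sample, the report lists `default.url`, `default.port`, `default.username` and `default.run_as` as readable and only `default.password` as masked, which is exactly the exposure Step 5 describes: the API address and account name are available to anyone who holds a valid dashboard session, so dashboard logins deserve the same access control and monitoring as the manager API itself.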



Copyright 2024, cxsecurity.com
