# Exploit Title: Wazuh Dashboard - Information Disclosure
# Date: 3/30/2024
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: Wazuh (https://wazuh.com/)
# Version: 4.4.2
# Tested on: Linux/Windows Firefox
Step 1 : Open Inspect Element and go to the Network tab.
Step 2 : Log in to your account on your dashboard.
As you can see, we can see what requests we are sending.
Step 3 : On the Network tab, the attacker must set the filter to XHR to see the requests. Each of them gives useful information to the attacker, in its response.
Step 4 : In the configuration file, in the response, you can see the username of the Wazuh dashboard and the Wazuh manager, for example:
statusCode 200
error 0
data Object { hosts: […] }
hosts [ {…} ]
0 Object { default: {…} }
default Object { url: "https://192.168.113.50", port: 55000, username: "wazuh-wui", … }
url "https://192.168.113.50"
port 55000
username "wazuh-wui"
password "*****"
run_as false
Step 5 : The attacker has found the master server IP and the username of the API.
Step 6 : The attacker can scan the server with Nessus and find the vulnerability of the server, or brute-force the server to gain access.
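
A defender-side check for the response shown in Step 4, as an added example that is not part of the original advisory and not Wazuh code: it reports which backend fields reach the browser unmasked and returns a redacted copy. The function names, the SENSITIVE_FIELDS list and the "*****" mask convention are assumptions; the sample response is constructed from the field layout above.

```javascript
// Added example (not Wazuh code). SAMPLE_RESPONSE is constructed from the
// field layout shown in Step 4.
const SAMPLE_RESPONSE = {
  statusCode: 200,
  error: 0,
  data: { hosts: [ { default: {
    url: "https://192.168.113.50", port: 55000,
    username: "wazuh-wui", password: "*****", run_as: false,
  } } ] },
};

// Assumption: the browser needs none of these to render the dashboard.
const SENSITIVE_FIELDS = ["url", "port", "username", "password"];
const MASK = "*****";

// Yield every per-host config object: data.hosts[i][hostId] = {...}.
function* hostConfigs(body) {
  const hosts = body && body.data && Array.isArray(body.data.hosts) ? body.data.hosts : [];
  for (const entry of hosts) {
    for (const [hostId, cfg] of Object.entries(entry || {})) {
      if (cfg !== null && typeof cfg === "object") yield [hostId, cfg];
    }
  }
}

// One finding per sensitive field that reaches the client unmasked.
function auditHostsResponse(body) {
  const findings = [];
  for (const [hostId, cfg] of hostConfigs(body)) {
    for (const field of SENSITIVE_FIELDS) {
      if (field in cfg && cfg[field] !== MASK) findings.push({ hostId, field });
    }
  }
  return findings;
}

// Deep copy with every sensitive field masked; other keys are left intact.
function redactHostsResponse(body) {
  const copy = JSON.parse(JSON.stringify(body));
  for (const [, cfg] of hostConfigs(copy)) {
    for (const field of SENSITIVE_FIELDS) {
      if (field in cfg) cfg[field] = MASK;
    }
  }
  return copy;
}

console.log(auditHostsResponse(SAMPLE_RESPONSE));
```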