Dear Cybele Software,
My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed.
I recently found a vulnerability in Thinfinity VirtualUI that allows a malicious actor to enumerate users registered in the OS (Windows) through /changePassword.
How it works
By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI.
Common users are administrator, admin, guest and krbtgt.
Payload
The vulnerable vector is "https://example.com/changePassword?username=USERNAME", where "USERNAME" needs to be brute-forced.
Vulnerable versions
It has been tested in VirtualUI versions 2.1.37.2, 2.1.42.2, 2.5.0.0, 2.5.36.1, 2.5.36.2 and 2.5.41.0.
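A server-side detection check for the behaviour described in this report, added here as an example and not part of the issue or of Thinfinity VirtualUI's own code: it parses constructed W3C-style access log lines (the log layout, the addresses and the extra usernames are assumptions) and flags clients that query /changePassword with many distinct usernames inside a short window, which is what enumeration of this vector looks like in the logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs
# Constructed W3C-style access log (date time client-ip method uri-stem uri-query status); sample values only.
SAMPLE_LOG = """\
2023-05-01 10:00:01 203.0.113.10 GET /changePassword username=administrator 200
2023-05-01 10:00:02 203.0.113.10 GET /changePassword username=admin 200
2023-05-01 10:00:03 203.0.113.10 GET /changePassword username=guest 200
2023-05-01 10:00:04 203.0.113.10 GET /changePassword username=krbtgt 200
2023-05-01 10:00:05 203.0.113.10 GET /changePassword username=backup 200
2023-05-01 10:03:00 198.51.100.7 GET /changePassword username=jsmith 200
2023-05-01 10:03:30 198.51.100.7 GET /changePassword username=jsmith 200
2023-05-01 10:10:00 198.51.100.7 GET /index.html - 200
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) "
    r"(?P<path>\S+) (?P<query>\S+) (?P<status>\d{3})$"
)

def parse_line(line):
    # Returns (timestamp, client ip, path, username-or-None), or None for unparseable lines.
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
    qs = parse_qs(m["query"]) if m["query"] != "-" else {}
    return ts, m["ip"], m["path"], qs.get("username", [None])[0]

def find_enumeration(log_text, window=timedelta(minutes=5), threshold=5):
    """Map client ip -> set of usernames for clients that hit /changePassword with
    at least `threshold` distinct usernames inside any sliding `window`."""
    events = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, path, user = rec
        if path.lower() == "/changepassword" and user:
            events[ip].append((ts, user))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()  # chronological, so each start index anchors one window
        for i, (start, _) in enumerate(evs):
            names = {u for t, u in evs[i:] if t - start <= window}
            if len(names) >= threshold:
                flagged[ip] = names
                break
    return flagged
```

A client repeating the same username (the 198.51.100.7 entries) is not flagged, since the signal is the number of distinct names probed, not request volume.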