CVE-2021-44554

CVE-2021-44554

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt.

Source: CVE-2021-44554

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다