Email Enumeration Vulnerability in Cisco WebEx Training Center
CVE-2013-6968

Currently unrated

Key Information:

Vendor: Cisco
Status: Webex Training Center
Vendor: CVE Published:; 14 December 2013

Summary

The WebEx Training Center by Cisco contains a vulnerability that permits unauthorized users to infer the existence of attendees' email addresses. This occurs due to the system's provision of differing error messages based on whether an email address is recognized during the registration process. Attackers can exploit this flaw by performing systematic registration attempts, potentially allowing them to build a list of valid email addresses associated with the service. Ensuring proper error handling and validation practices can mitigate this risk.

References

http://www.securitytracker.com/id/1029492

vdb-entryx_refsource_SECTRACK

http://osvdb.org/100913

vdb-entryx_refsource_OSVDB

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Dec 14, 2013
Vulnerability Reserved
Dec 5, 2013