User Enumeration in Cisco WebEx Meeting Center Administration Interface
CVE-2015-4194
Currently unrated
Summary
The web-based administrative interface of Cisco WebEx Meeting Center returns different error messages for failed login attempts depending on whether the username exists and what privileges it has. This discrepancy lets remote attackers deduce which account names exist, and gather sensitive information, through repeated trial-and-error login attempts. The flaw can lead to unauthorized access attempts and potential exploitation of account credentials, undermining the security of the administrative interface.
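The response discrepancy described above, shown as an added example next to a hardened form and a regression check. This is not Cisco's code: the account names, messages and function names are hypothetical and constructed for illustration.

```python
import hashlib, hmac, os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _make_user(password: str, is_admin: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "admin": is_admin}

# Constructed sample accounts (hypothetical names, not from the advisory).
USERS = {
    "site-admin": _make_user("correct horse", True),
    "attendee01": _make_user("battery staple", False),
}
# Dummy record so unknown usernames cost the same hash work as known ones.
_DUMMY = _make_user("placeholder", False)
GENERIC = "Invalid username or password."

def login_leaky(username, password):
    """Flawed pattern: each failure cause gets its own (constructed) message."""
    user = USERS.get(username)
    if user is None:
        return False, "Unknown user."
    if not user["admin"]:
        return False, "This account has no administrator privileges."
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "Incorrect password."
    return True, "OK"

def login_uniform(username, password):
    """Hardened pattern: same work and same message for every failure."""
    user = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    if password_ok and user["admin"] and username in USERS:
        return True, "OK"
    return False, GENERIC

def distinct_failures(login):
    """Regression check: count distinct responses across failure causes."""
    probes = [("no-such-user", "x"), ("attendee01", "x"), ("site-admin", "x")]
    return len({login(u, p) for u, p in probes})

if __name__ == "__main__":
    print("leaky handler, distinct failure responses:", distinct_failures(login_leaky))
    print("uniform handler, distinct failure responses:", distinct_failures(login_uniform))
```

The same check belongs in a login endpoint's test suite, comparing status code, body and response length across failure causes; rate limiting and lockout on the login path remain necessary alongside it.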
References
Timeline
Vulnerability published
Vulnerability Reserved