Thinfinity VirtualUI User Enumeration Vulnerability CVE-2021-44848 Scanner

Details
  • Asset Type: DOMAIN, IP
  • Need Membership: Yes
  • Asset Verify: Yes
  • API Support: Yes
  • Estimate Time (Second): 10

Thinfinity VirtualUI User Enumeration Vulnerability CVE-2021-44848 Scanner Detail

Thinfinity VirtualUI is affected by a user enumeration vulnerability.

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.

Some Advice for Common Problems

  • Return identical responses for “valid user/wrong password” and “invalid user” login requests.
  • Make sure your “forgotten password” page does not reveal usernames.
  • If your password reset process involves sending an email, have the user enter their email address. Then send an email with a password reset link if the account exists.
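
The first piece of advice, sketched as an added example (not code from Thinfinity VirtualUI or from this scanner): a change-password handler whose response depends on whether the username exists, next to one that returns the same status and body and does the same hashing work in both failure cases. The function names, the in-memory user store, the status codes and the messages are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample account store (not real data).
USERS = {"alice": _make_user("correct horse battery staple")}
# Dummy record so unknown usernames cost the same hashing work as known ones.
DUMMY = _make_user(os.urandom(16).hex())

GENERIC_FAILURE = (401, {"error": "Invalid username or password."})

def change_password_leaky(username, old_password, new_password):
    """Illustrative 'before': status and body differ when the user does not exist."""
    user = USERS.get(username)
    if user is None:
        return (404, {"error": "User not found."})  # constructed response
    if not hmac.compare_digest(_hash(old_password, user["salt"]), user["hash"]):
        return (401, {"error": "Wrong password."})  # constructed response
    user.update(_make_user(new_password))
    return (200, {"status": "Password changed."})

def change_password_uniform(username, old_password, new_password):
    """Same status, body and hashing work for unknown user and wrong password."""
    user = USERS.get(username)
    record = user if user is not None else DUMMY
    ok = hmac.compare_digest(_hash(old_password, record["salt"]), record["hash"])
    if user is None or not ok:
        return GENERIC_FAILURE
    user.update(_make_user(new_password))
    return (200, {"status": "Password changed."})
```

Response headers, redirects and rate-limit behaviour need the same treatment as the status and body, since any of them can distinguish the two cases.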
