Adobe Connect 10 - Username Disclosure

vendor:

Adobe Connect

by:

h4shur

6.5

CVSS

MEDIUM

Username Disclosure

N/A

CWE

Product Name: Adobe Connect

Affected Version From: 10

Affected Version To: 10

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 & Google Chrome

2021

Adobe Connect 10 – Username Disclosure

By adding this (/system/help/support) to the end of the desired website address, you can view the username without any filter or obstacle. Sometimes even without a username and password. And by adding (/system/login) to the end of the desired website address, you can access the admin panel without any filters.

Mitigation:

Ensure that the website is properly secured and access to the admin panel is restricted to authorized personnel only.

Source

Exploit-DB raw data:

# Title: Adobe Connect 10 - Username Disclosure
# Author: h4shur
# date:2021-02-07
# Vendor Homepage: https://www.adobe.com
# Software Link: https://www.adobe.com/products/adobeconnect.html
# Version:  10 and earlier
# Tested on: Windows 10 & Google Chrome
# Category : Web Application Bugs

### Description :

By adding this (/system/help/support) to the end of the desired website address, you can view the username without any filter or obstacle. Sometimes even without a username and password. And by adding (/system/login) to the end of the desired website address, you can access the admin panel without any filters.

### POC :
site.com/system/help/support

### Admin Panel :
site.com/system/login