Cisco Bug: CSCul36003 - Cisco WebEx Training Center Registered Attendee e-mail Enumeration
Aug 06, 2018
- Cisco Webex Meetings Online
Known Affected Releases
Symptom: A vulnerability in training registration page in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to enumerate e-mail addresses of registered attendees. The vulnerability is due to registration error messages that reveal when the e-mail address supplied during registration has already been specified by another registered attendee. An attacker could exploit this vulnerability by submitting multiple registration requests, and viewing the resulting error messages to determine which e-mail addresses have been submitted by other registered attendees. Conditions: Default behavior.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases