Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Vulnerability

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on: Microsoft Window...

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...