2 matches found
Cisco WebEx Training Center Email验证绕过音频会议加入漏洞
Bugtraq ID:64281 CVE ID:CVE-2013-6965 Cisco WebEx Training Center是一款互动式培训解决方案,可开展电子教学。 Cisco WebEx Training Center培训中心注册页面存在安全漏洞,允许未验证远程攻击者无需要提供合法Email地址加入培训会议的音频会议。漏洞是由于注册结束之前泄漏了培训会话信息URL,攻击者可收集泄漏URL中的培训会话访问代码和密码,使用这些信息加入受限会议。 0 Cisco WebEx Training Center 厂商补丁: Cisco ----- 用户可参考如下厂商提供的安全公告获得补丁信...
CVE-2013-6965
Cisco WebEx Training Center’s registration component leaks the training session URL before email confirmation, enabling remote attackers to join the audio conference using credentials from that URL. This bypasses access controls without requiring a valid email verification. Public details across ...