Trixbox Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running Trixbox and is prone to information disclosure vulnerability.

Impact

Successful exploitation allows attackers to obtain valid usernames, which may aid them in brute-force password cracking or other attacks. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to Trixbox returning valid usernames via a http GET request to a Flash Operator Panel(FOP) file.

Affected

Trixbox version 2.8.0.4 and prior.

References

http://packetstormsecurity.org/files/view/102627/trixboxfop-enumerate.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

7Media Web Solutions EduTrac Directory Traversal Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities