what you don't know can hurt you

BigBlueButton 2.2.29 Brute Force

BigBlueButton 2.2.29 Brute Force
Posted Nov 25, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.

tags | exploit, cracker
advisories | CVE-2020-29042
MD5 | 847d6dd1af2ce5bc8478dd79f1c6b724

BigBlueButton 2.2.29 Brute Force

Change Mirror Download
# Title: BigBlueButton Meeting Access Code Brute Force Vulnerability

# Google Dork: N/A

# Date: 24.11.2020

# Author: Seccops (https://seccops.com)

# Vendor Homepage: bigbluebutton.org

# Version: 2.2.29 and previous versions

# CVE: CVE-2020-29042





=== Summary ===

An issue was discovered in BigBlueButton through 2.2.29.

A brute-force attack may occur because an unlimited number of codes can be
entered for a meeting that is protected by an access code.





=== Description ===

BigBlueButton is an open source web conferencing solution for online
learning that provides real-time sharing of audio, video, slides,
whiteboard, chat and screen. It also allows participants to join the
conferences with their webcams and invite guest speakers.



An unlimited number of codes can be entered for a meeting that is protected
by an access code. This situation causes a brute force attack.

The following is a brute force attack for the access code of a meeting with
a known meeting link: https://imgur.com/a/jaoOkwT





=== Impact ===

An attacker who knows a meeting link protected by an access code; By
breaking the access code with brute force attack, it can make social
engineering attacks in the meeting, collect all the confidential
information/documents that were spoken and shared in the meeting, disturb
other users in the meeting or sabotage the meeting.

Login or Register to add favorites

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close