CVE-2013-6968: Infoleak
First published: Sat Dec 14 2013(Updated: )
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco WebEx Training Center |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6968?
CVE-2013-6968 is categorized as a high severity vulnerability due to its potential for information disclosure through attendee enumeration.
How does CVE-2013-6968 allow for enumeration attacks?
CVE-2013-6968 allows remote attackers to enumerate attendees by sending registration requests and analyzing the different error messages returned based on the existence of email addresses.
What versions of Cisco WebEx Training Center are affected by CVE-2013-6968?
CVE-2013-6968 affects all versions of Cisco WebEx Training Center that are susceptible to this enumeration vulnerability.
How can I mitigate the risks associated with CVE-2013-6968?
To mitigate CVE-2013-6968, restricting access to registration functionalities and implementing generic error messages can help prevent enumeration.
Is there a patch available for CVE-2013-6968?
As of now, Cisco has not released a specific patch for CVE-2013-6968, and users are advised to follow recommended security practices for protection.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco webex training center