ClueCon Password Vulnerability in BigBlueButton Installation Procedure

ClueCon Password Vulnerability in BigBlueButton Installation Procedure

CVE-2020-27613 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

Learn more about our User Device Pen Test.