ClueCon Password Vulnerability in BigBlueButton Installation Procedure
CVE-2020-27613 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Learn more about our User Device Pen Test.