# Exploit Title: Wazuh Dashboard - Information Disclosure
# Date: 3/30/2024
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: Wazuh (https://wazuh.com/)
# Version: 4.4.2
# Tested on: Linux/Windows Firefox

Step 1 : Open Inspect Element and go to the Network tab.

Step 2 : Log in to your account on the dashboard. The Network tab now shows the requests being sent.

Step 3 : In the Network tab, set the filter to XHR and look through the requests. Each of them gives useful information to the attacker in its response.

Step 4 : In the configuration file and in the response you can see the username of the Wazuh dashboard and the Wazuh manager, for example:

    statusCode  200
    error       0
    data        Object { hosts: […] }
      hosts     [ {…} ]
        0       Object { default: {…} }
          default   Object { url: "https://192.168.113.50", port: 55000, username: "wazuh-wui", … }
            url       "https://192.168.113.50"
            port      55000
            username  "wazuh-wui"
            password  "*****"
            run_as    false

Step 5 : The attacker has now found the master server IP and the username of the API.

Step 6 : The attacker can scan the server with Nessus to find vulnerabilities on the server, or brute-force the server to gain access.
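
To audit a deployment for this exposure, the check below takes a response body captured from the Network tab and reports which API connection details it reveals to the browser and whether the password field is masked. It is an added example, not part of the original advisory or of Wazuh's code; the function names and the sample body (constructed from the fields shown in Step 4) are assumptions.

```python
import json

# Fields whose presence in a browser-visible response reveals API connection details.
SENSITIVE_KEYS = ("url", "port", "username", "password")

# Constructed sample, shaped like the response in Step 4 (elided fields left out).
SAMPLE_BODY = json.dumps({
    "statusCode": 200, "error": 0,
    "data": {"hosts": [{"default": {
        "url": "https://192.168.113.50", "port": 55000,
        "username": "wazuh-wui", "password": "*****", "run_as": False,
    }}]},
})


def is_masked(value):
    """True when a secret has been replaced by a non-empty run of asterisks."""
    return isinstance(value, str) and value != "" and set(value) == {"*"}


def audit_hosts_response(body):
    """Return one finding per API host entry found under data.hosts."""
    doc = json.loads(body)
    data = doc.get("data") if isinstance(doc, dict) else None
    hosts = data.get("hosts") if isinstance(data, dict) else None
    findings = []
    for entry in hosts or []:
        if not isinstance(entry, dict):
            continue
        for host_id, cfg in entry.items():
            if not isinstance(cfg, dict):
                continue
            exposed = {k: cfg[k] for k in SENSITIVE_KEYS if k in cfg}
            password = exposed.pop("password", None)
            findings.append({
                "host_id": host_id,
                "exposed": exposed,                      # values readable in the browser
                "password_present": password is not None,
                "password_masked": is_masked(password),  # False with a password present = cleartext
            })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts_response(SAMPLE_BODY):
        print(finding)
```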