Dahua Information Disclosure Scanner
Detects 'Information Disclosure' vulnerability in Dahua.
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 6 days 11 hours
Scan only one: URL
Dahua's software products are widely used in various integrated management systems, especially in smart compound management platforms. These products are utilized by organizations that require comprehensive surveillance and management solutions for large areas. The software is used across different sectors, such as educational institutions, industrial parks, and residential communities, providing features for surveillance, access management, and communication. Its interface allows administrators and users to monitor activities and control access effectively. Dahua products are valued for their scalability and flexibility, accommodating the specific needs of a diverse client base. The software is designed to integrate seamlessly with existing systems, enhancing the security and operational efficiency of managed areas.
An Information Disclosure vulnerability is a flaw that allows unauthorized individuals to access sensitive data. This vulnerability can lead to the exposure of usernames and passwords, compromising the security of the affected system. In this case, the vulnerability is related to Dahua's platform, where accessing a specific endpoint without proper authorization reveals sensitive user information. The exposure of such information can lead to further security breaches, as attackers might exploit this data to gain unauthorized access or launch additional attacks. This type of vulnerability is considered critical due to the potential impacts on privacy and system integrity.
The vulnerability stems from an endpoint, /admin/user_getUserInfoByUserName.action, which improperly discloses user information upon receiving a GET request with specified parameters. The sensitive parameters involved are 'loginName' and 'loginPass', which are exposed in the response if the endpoint is accessed. The server returns status code 200 along with the sensitive data when exploited. Attackers can easily craft requests to this endpoint with various username values to enumerate and capture details about multiple users. The lack of authentication checks at this endpoint makes it particularly vulnerable, allowing unauthorized users to gain access to confidential data.
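For asset owners reviewing their own web server logs, the following added example (not part of the scanner or of any Dahua code) flags clients that received HTTP 200 from this endpoint with several different query strings, which is the enumeration pattern described above. It assumes Apache/nginx combined log format; the log lines are constructed, and the query parameter name "u" is a placeholder because the page does not name the real parameter.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

ENDPOINT = "/admin/user_getUserInfoByUserName.action"  # path named on this page

# Assumed log format: Apache/nginx "combined" (client IP, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log. "u" is a placeholder query parameter name.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/user_getUserInfoByUserName.action?u=admin HTTP/1.1" 200 412
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /admin/user_getUserInfoByUserName.action?u=system HTTP/1.1" 200 398
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /admin/user_getUserInfoByUserName.action?u=operator HTTP/1.1" 200 405
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /admin/user_getUserInfoByUserName.action?u=admin HTTP/1.1" 200 412
192.0.2.5 - - [01/Jan/2024:10:06:00 +0000] "GET /admin/user_getUserInfoByUserName.action?u=a HTTP/1.1" 403 0
192.0.2.5 - - [01/Jan/2024:10:06:01 +0000] "GET /admin/user_getUserInfoByUserName.action?u=b HTTP/1.1" 403 0
192.0.2.5 - - [01/Jan/2024:10:06:02 +0000] "GET /admin/user_getUserInfoByUserName.action?u=c HTTP/1.1" 403 0
"""


def find_enumeration(log_text, min_distinct=3):
    """Return {client_ip: sorted distinct query strings} for clients that got
    HTTP 200 from ENDPOINT with at least min_distinct different queries."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        # Only successful GETs matter: the page says data is returned with 200.
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        url = urlsplit(m["target"])
        # Compare paths case-insensitively so case variants are not missed.
        if url.path.lower() == ENDPOINT.lower():
            seen[m["ip"]].add(url.query)
    return {ip: sorted(qs) for ip, qs in seen.items() if len(qs) >= min_distinct}


if __name__ == "__main__":
    for ip, queries in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(queries)} distinct lookups answered with 200")
```

Setting min_distinct=1 lists every client that received a 200 from the endpoint, which is the right view when any single unauthenticated response already means credentials were exposed.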
If malicious actors exploit this vulnerability, they can gain unauthorized access to user credentials, leading to potential identity theft, system compromise, and data breaches. The exposed information could allow attackers to impersonate legitimate users, escalating the attack by performing unauthorized actions under a valid account. This could also lead to further exploitation, such as privilege escalation, depending on the roles and permissions associated with the exposed accounts. The breach of personal and confidential information can result in loss of trust, financial damage, and legal consequences for the affected organization.