/tags/bigbluebutton/ Recent content in BigBlueButton on Saksham Anand Hugo -- gohugo.io en-us Mon, 25 May 2020 00:00:00 +0000 /blog/host-header-injection-bigbluebutton/ Mon, 25 May 2020 00:00:00 +0000 /blog/host-header-injection-bigbluebutton/ Back in April, one of the systems I was testing was a video conferencing application, known as BigBlueButton, an open source challenger to Zoom. The BigBlueButton installation comes with a user friendly interface, known as Greenlight, which ties in nicely with the BigBlueButton server. While most of the corporate installations would be using LDAP authentication, at times, installation will be based on standard username and password login mechanism, which is handled by Greenlight. /blog/cve-2020-12113/ Mon, 20 Apr 2020 00:00:00 +0000 /blog/cve-2020-12113/ As part of a penetration testing project at Catalyst IT, I conducted a test on an open source video conferencing system known as the BigBlueButton, an open source challenger to Zoom. The BigBlueButton contains a closed captions module, that allows a user to manually type captions, and all users with captions enabled can see them at the bottom of the screen. While the ability to add captions is only restricted to moderator level permissions, this issue is exaggerated, as when the breakout room functionality is used, all users are granted moderator level permissions, allowing them to write captions.