CVE-2020-26163 BigBlueButton | Host Header Injection
Back in April, one of the systems I was testing was a video conferencing application, known as BigBlueButton, an open source challenger to Zoom. The BigBlueButton installation comes with a user friendly interface, known as Greenlight, which ties in nicely with the BigBlueButton server. While most of the corporate installations would be using LDAP authentication, at times, installation will be based on standard username and password login mechanism, which is handled by Greenlight....