PT-2021-20642 · Unknown · E-Document System

Published: 2021-06-16 · Updated: 2021-06-24 · CVE-2021-34683

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: E-document System version 3.0
Description: A remote attacker can exploit the issue to obtain the contact information, including names and e-mail addresses, of all users within an organization. This can be achieved through the "kw/auth/bbs/asp/get user email info bbs.asp" API endpoint. The exposed information may facilitate social engineering or brute force attacks against the system's login page.
Recommendations: For version 3.0, restrict access to the "kw/auth/bbs/asp/get user email info bbs.asp" API endpoint to prevent unauthorized information disclosure. Consider implementing additional security measures to protect against social engineering and brute force attacks.


Related Identifiers

CVE-2021-34683

Affected Products

E-Document System