Medium severity5.3NVD Advisory· Published Dec 20, 2021· Updated Jun 17, 2026
CVE-2021-44554
CVE-2021-44554
Description
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest and krgtbt.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Thinfinity/VirtualUIdescription
- Range: <3.0
Patches
Vulnerability mechanics
References
1- github.com/cybelesoft/virtualui/issues/1nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.