Описание
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| weblate | itp | package |
Примечания
https://www.openwall.com/lists/oss-security/2017/01/18/11
EPSS
Процентиль: 67%
0.00543
Низкий
Связанные уязвимости
CVSS3: 5.3
nvd
почти 9 лет назад
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.
CVSS3: 5.3
github
больше 3 лет назад
Weblate user account enumeration via reset password form
EPSS
Процентиль: 67%
0.00543
Низкий