exploitDog

GHSA-8rcr-h4v8-qpq5

Опубликовано: 24 янв. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

CVSS3: 5.3

Описание

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

Ссылки

EPSS

Процентиль: 33%

0.00126

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-204

Связанные уязвимости

CVE-2025-0693

CVSS3: 5.3

nvd

около 1 года назад

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

EPSS

Процентиль: 33%

0.00126

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-204