Description
OpenCRX vulnerable to password enumeration via error messages in password reset
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset, which could enable an attacker to determine if a username, email or ID is valid.
Packages
Name: org.opencrx:opencrx-client (maven)
Affected versions: < 5.2.2
Fixed version: 5.2.2
Related vulnerabilities
CVSS3: 5.3
nvd
more than 3 years ago
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset, which could enable an attacker to determine if a username, email or ID is valid.