Описание
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
Ссылки
- Third Party Advisory
- Mailing List
- Permissions RequiredThird Party Advisory
- Broken LinkPermissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
- VDB Entry
- Third Party Advisory
- Mailing List
- Permissions RequiredThird Party Advisory
- Broken LinkPermissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
- VDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:chetcpasswd_project:chetcpasswd:2.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00849
Низкий
5 Medium
CVSS2
Дефекты
CWE-388
Связанные уязвимости
debian
почти 19 лет назад
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...
github
больше 3 лет назад
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
EPSS
Процентиль: 73%
0.00849
Низкий
5 Medium
CVSS2
Дефекты
CWE-388