Описание
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.3 (исключая)
cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00269
Низкий
5.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
CWE-200
Связанные уязвимости
CVSS3: 5.3
redhat
больше 7 лет назад
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVSS3: 5.3
github
больше 3 лет назад
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
EPSS
Процентиль: 50%
0.00269
Низкий
5.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
CWE-200