Описание
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
Ссылки
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6 (включая)
cpe:2.3:a:squaredup:squaredup:*:*:*:*:system_center_operations_manager:*:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
3.7 Low
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
больше 3 лет назад
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
EPSS
Процентиль: 54%
0.00316
Низкий
3.7 Low
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-203