Описание
EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:emqx:emqx:3.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00194
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid.
EPSS
Процентиль: 41%
0.00194
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo