Описание
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.
Ссылки
- ExploitThird Party Advisory
- Product
- Product
- ExploitThird Party Advisory
- Product
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:medicine_tracker_system_project:medicine_tracker_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00188
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-203
CWE-203
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.
EPSS
Процентиль: 41%
0.00188
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-203
CWE-203