Описание
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*
EPSS
Процентиль: 52%
0.00288
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-203
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
EPSS
Процентиль: 52%
0.00288
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-203