Description
When logging in with a correct username and an incorrect, weak password, the user receives a notification that their password is too weak.
However, when an incorrect username is provided along with a weak password, the application responds with an 'Invalid credentials' notification.
This difference could be used to perform username enumeration.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:acquia:mautic:5.1.0:*:*:*:*:*:*:*
EPSS
Percentile: 54%
0.00311
Low
4.3 Medium
CVSS3
Weaknesses
CWE-200
NVD-CWE-Other
Related vulnerabilities
CVSS3: 4.3
github
more than 1 year ago
Mautic allows users enumeration due to weak password login