Описание
A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.1 (исключая)
cpe:2.3:a:siemens:gridscale_x_prepay:*:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00048
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204
Связанные уязвимости
CVSS3: 5.3
github
2 месяца назад
A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.
EPSS
Процентиль: 15%
0.00048
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204