Описание
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
Ссылки
EPSS
Процентиль: 15%
0.00049
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204
Связанные уязвимости
CVSS3: 5.3
github
2 месяца назад
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
EPSS
Процентиль: 15%
0.00049
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204