Описание
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
Ссылки
- Vendor Advisory
- US Government Resource
- Not Applicable
- Vendor Advisory
- Vendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:enterprise_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00067
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204
Связанные уязвимости
CVSS3: 5.3
github
4 месяца назад
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
EPSS
Процентиль: 21%
0.00067
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204