Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1073

Опубликовано: 15 мая 2018
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

The ovirt-engine web console login form returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-209
https://bugzilla.redhat.com/show_bug.cgi?id=1553525ovirt-engine: account enumeration through login to web console

EPSS

Процентиль: 50%
0.00269
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1073

CVSS3: 5.3
nvd
больше 7 лет назад

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

github логотип

GHSA-9ghh-fm37-vrf7

CVSS3: 5.3
github
больше 3 лет назад

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

EPSS

Процентиль: 50%
0.00269
Низкий

5.3 Medium

CVSS3