Siemens Mendix Forgot Password Module Household Enumeration Vulnerability

2023-10-1100:00:00

China National Vulnerability Database

www.cnvd.org.cn

siemens

mendix

forgot password

vulnerability

brute force

enumeration

household security

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

33.1%

JSON

The Mendix Forgot Password module allows your users to register your application or reset their own passwords without administrator involvement. A vulnerability exists in the Siemens Mendix Forgot Password module that can be exploited by an attacker to determine if a user is valid, allowing a brute force attack on a valid user.

CPENameOperatorVersion
siemens mendix forgot password (mendix 7 compatible) < veq3.7.3
siemens mendix forgot password (mendix 8 compatible) < veq4.1.3
siemens mendix forgot password (mendix 9 compatible) < veq5.4.0
siemens mendix forgot password (mendix 10 compatible) < veq5.4.0

Name	Operator	Version
siemens mendix forgot password (mendix 7 compatible) < v	eq	3.7.3
siemens mendix forgot password (mendix 8 compatible) < v	eq	4.1.3
siemens mendix forgot password (mendix 9 compatible) < v	eq	5.4.0
siemens mendix forgot password (mendix 10 compatible) < v	eq	5.4.0