Lucene search
GoogleOSV:CVE-2020-15132HistoryAug 05, 2020 - 9:15 p.m.
CVE-2020-15132
2020-08-0521:15:12
Google
osv.dev
3
sulu
vulnerability
software
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the “Forget password” feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a 400 error code is returned, along with a error message saying that this user name does not exist. This enables attackers to retrieve valid usernames. Also, the response of the “Forgot Password” request returns the email address to which the email was sent, if the operation was successful. This information should not be exposed, as it can be used to gather email addresses. This problem was fixed in versions 1.6.35, 2.0.10 and 2.1.1.
Related
veracode
veracode
Information Disclosure
2020-08-06 05:30:10
prion
prion
Default credentials
2020-08-05 21:15:00
cvelist
cvelist
CVE-2020-15132 Reset Password / Login vulnerability in Sulu
2020-08-05 20:30:13
github
github
Reset Password / Login vulnerability in Sulu
2020-08-05 21:27:44
nvd
nvd
CVE-2020-15132
2020-08-05 21:15:12
cve
cve
CVE-2020-15132
2020-08-05 21:15:12
osv
osv
Reset Password / Login vulnerability in Sulu
2020-08-05 21:27:44