CVE-2021-46434

2022-03-2812:15:07

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

EMQ X Dashboard V3.0.0 is affected by username enumeration in the “/api /v3/auth” interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid

CPENameOperatorVersion
emqxeq2.2-beta.2
emqxeq0.1.1
emqxeq0.7.0-alpha
emqxeq0.5.1-alpha
emqxeq0.12.0-beta
emqxeq2.1.1
emqxeq1.1.1
emqxeq3.0-beta.4
emqxeq0.3.0-beta
emqxeq0.4.0-alpha