EMQ X Dashboard V3.0.0 is affected by username enumeration in the “/api /v3/auth” interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid
CPE | Name | Operator | Version |
---|---|---|---|
emqx | eq | 2.2-beta.2 | |
emqx | eq | 0.1.1 | |
emqx | eq | 0.7.0-alpha | |
emqx | eq | 0.5.1-alpha | |
emqx | eq | 0.12.0-beta | |
emqx | eq | 2.1.1 | |
emqx | eq | 1.1.1 | |
emqx | eq | 3.0-beta.4 | |
emqx | eq | 0.3.0-beta | |
emqx | eq | 0.4.0-alpha |