Design/Logic Flaw

2023-09-1210:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

usernames enumeration

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.

CPENameOperatorVersion
qms_automotivelt12.39

CPE	Name	Operator	Version
	qms_automotive	lt	12.39

References

cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf