EUVD-2019-15687

Malware in sbrugna...

CVE-2019-6122

A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address...

Design/Logic Flaw

An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...

CVE-2019-6122

CVE-2019-6122 is a vulnerability in NiceHash Miner prior to 2.0.3.0 causing user enumeration through separate error messages: submitting a non-existent email triggers “EMAIL DOES NOT EXIST,” while valid emails with incorrect credentials yield a different error. This behavioral difference enables ...

CVE-2019-6122

A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address...

CVE-2019-6120

NiceHash Miner before version 2.0.3.0 is affected by CVE-2019-6120 due to a missing rate limit when adding a wallet via an email address. This enables an attacker to submit many email addresses to identify valid ones, and can be combined with CVE-2019-6122 (Username Enumeration) to enumerate vali...