31 matches found
CVE-2009-1803
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2024-54002 Dependency-Track allows enumeration of managed users via /api/v1/user/login endpoint
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same...
Username Enumeration Attack
ethycafides is vulnerable to Username Enumeration Attack. The vulnerability is due to discrepancies in response times between valid and invalid usernames, which allow attackers to infer valid usernames based on the timing of server responses...
CVE-2023-39522 Username enumeration attack in goauthentik
goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recover...
HackerOne: Report Duplicate Detector can match deleted and draft reports, may disclose title and vulnerability information
When a Report is submitted on HackerOne.com, a feature called the Report Duplicate Detector helps program members and triagers find potential duplicates of the submitted report. This feature will match against all reports that were submitted to the program. When the feature was introduced, all...
Unspecified vulnerability in GLPI (CNVD-2021-17773)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2020-1717
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack...
CVE-2020-27199
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for...
CVE-2020-6874
A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or brute-force attack for password guessing. This affects: ZXIPTV, ZXIPTV-WEB-PV5.09.08.04...
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...
msie.activex.filesearch.txt
Date: Wed, 9 Jun 1999 12:22:00 +0100 From: "Steve Loughran" Subject: ActiveX Security Revisited The latest Microsoft security bulletin http://www.microsoft.com/security/bulletins/ms99-018.asp includes two Internet Explorer patches. The first is a classic stack overrun -a web page can supply an ic...