49 matches found
PT-2025-39869
Name of the Vulnerable Software and Affected Versions: Trivision NC-227WF firmware version 5.80 build 20141010 Description: The login mechanism in the software allows an attacker to determine if a username is valid by observing different error messages. Specifically, an “Unknown user” message...
CVE-2025-1396
WSO2 username enumeration vulnerability (CVE-2025-1396) occurs when Multi-Attribute Login is enabled across multiple WSO2 products. The login flow returns a distinct error message for non-existing usernames, enabling observers to determine valid user IDs. Impact includes potential for targeted br...
CVE-2017-16629
In SapphireIMS 40971, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For...
PT-2025-4853 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-Server versions prior to 0.17.7 Description: The Cosmos-Server software has a user enumeration issue due to the error code returned during login, allowing an attacker to determine if a user exists in the database by monitoring the erro...
PT-2024-7392
Name of the Vulnerable Software and Affected Versions: Webmin Usermin version 2.100 Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin allows attackers to enumerate valid user accounts. This issue is related to shortcomings in the error reporting mechanism,...
CVE-2024-36996
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt t...
PT-2024-40248 · Unknown · Silverstripe
Name of the Vulnerable Software and Affected Versions: Silverstripe affected versions not specified Description: The issue concerns a user ID enumeration vulnerability in brute force error messages. Specifically, the system previously handled login attempts for non-existent and existing users...
PT-2024-40294 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a user ID enumeration vulnerability in brute force error messages. It allows an attacker to infer or confirm user details...
CVE-2023-40725
A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames...
Need to enter credentials multiple times via Workspace app access on MAC OS clients
The users need to enter credentials multiple times when using Workspace app to login to Gateway on MAC OS clients. Finally, the users still encounter the following error. Web access works well. MAC OS version:...
CVE-2021-33845
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...
CVE-2022-24032
Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid...
Adenza AxiomSL security vulnerability
Adenza AxiomSL is a risk and regulatory reporting platform from Adenza USA. A security vulnerability exists in Adenza AxiomSL ControllerView that allows an attacker to recognize a valid username on the platform, as failed login attempts generate a different error message when the username is vali...
CVE-2021-24214
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration...
CVE-2020-24686
CVE-2020-24686 affects ABB AC500 V2 with onboard Ethernet. The issue is a denial of service in the PLC’s web visualization component: when exploited, the component stops responding and genuine users lose remote visibility of PLC state. If a user logs in while the vulnerability is exploited, the P...
CVE-2021-3229
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...
ASUSWRT ASUS RT-AX3000 security vulnerability
ASUS RT-AX3000 is a firmware from ASUS Taiwan, China that runs in its routers. A security vulnerability exists in ASUS RT-AX3000 that could be exploited by an attacker to interrupt the use of the device's installation services via a continuous login error...
CVE-2020-7231
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...
The vulnerability in the web interface of Cisco HyperFlex’s hyper-converged infrastructure allows an attacker to perform arbitrary actions on a vulnerable device using a specially crafted link.
The vulnerability of the web interface for managing Cisco HyperFlex infrastructure is related to errors in authenticating the requests being executed. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device using a specially crafted link...