4 matches found
CVE-2024-34336
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality...
Observable Discrepancy
neos/flow is vulnerable to Observable Discrepancy. The vulnerability is due to observable timing differences within the PersistedUsernamePasswordProvider. An attacker can determine whether an account exists based on the timing of the response, because the hash is only generated if an account was...
PYSEC-2022-282
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists...
CVE-2019-16516
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...