4 matches found
PT-2026-29543
The login mechanism of Sage DPW 2025 06 004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021 06 000. On-premise administrators can toggle this behaviour in newer versions...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...