3 matches found
CVE-2018-17368
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks...
CVE-2018-17368
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks...
CVE-2018-17368
PublicCMS 4.0.180825 contains a username enumeration flaw: invalid login responses differ based on username validity, enabling brute-force attempts. Root cause is response length discrimination. CVSS indicates network access, low complexity, no authentication, partial confidentiality impact; no e...