2 matches found
CVE-2020-35952
login.php in PHPFusion aka PHP-Fusion Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password i.e., not a single "Incorrect username or password" message in both cases, which might allow enumeration...
CVE-2020-35952
CVE-2020-35952 affects PHPFusion (PHP-Fusion) Andromeda 9.x before 2020-12-30. The issue is that login.php generates error messages that differentiate between an incorrect username and an incorrect password, rather than a single generic message, which could enable user enumeration. The connected ...