5 matches found
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
creationtimestamp| type| source ---|---|--- 2025-02-11 10:29:24+00:00| seen| https://infosec.exchange/users/cve/statuses/113984783209414361 2025-02-11 11:15:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvjsp3oef2h 2025-02-13 11:00:00+00:00| seen|...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
CVE-2023-37482 affects Siemens SIMATIC web servers (e.g., SIMATIC S7-1200/1500 family). The vulnerability stems from login response timing not being normalized, enabling an unauthenticated remote attacker to perform user enumeration by distinguishing valid vs. invalid usernames via a side channel...