3 matches found
CVE-2019-6122
CVE-2019-6122 is a vulnerability in NiceHash Miner prior to 2.0.3.0 causing user enumeration through separate error messages: submitting a non-existent email triggers “EMAIL DOES NOT EXIST,” while valid emails with incorrect credentials yield a different error. This behavioral difference enables ...
CVE-2019-6120
NiceHash Miner before version 2.0.3.0 is affected by CVE-2019-6120 due to a missing rate limit when adding a wallet via an email address. This enables an attacker to submit many email addresses to identify valid ones, and can be combined with CVE-2019-6122 (Username Enumeration) to enumerate vali...
CVE-2019-6121
CVE-2019-6121 affects NiceHash Miner prior to 2.0.3.0. The issue is missing authorization, enabling an adversary to access a miner’s information (e.g., recent payments, unclaimed balance, old balance, projected payout, mining stats) with only a valid email address required to retrieve the informa...