Lucene search

K

Veracode Vulnerability DatabaseVERACODE:47572

HistoryJun 17, 2024 - 7:47 a.m.

User ID Enumeration

2024-06-1707:47:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

1

vulnerability

error messages

user details

member table

6.9 Medium

AI Score

Confidence

High

silverstripe/framework is vulnerable to user ID Enumeration. The vulnerability is due to differing error messages: non-existent users do not receive a locked out message, which allows an attacker to infer or confirm user details that exist in the member table.

6.9 Medium

AI Score

Confidence

High