Description
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| MB connect line | mymbCONNECT24 | affected |
|
||||||
| MB connect line | mbCONNECT24 | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
Vendor Solution
Update to version 2.10.1
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-21230 | In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. |
References
| Link | Providers |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2021-037/ |
|
History
No history.
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published:
Updated: 2024-09-17T01:41:24.149Z
Reserved: 2021-06-10T00:00:00.000Z
Link: CVE-2021-34580
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-27T11:15:07.553
Modified: 2024-11-21T06:10:44.700
Link: CVE-2021-34580
Redhat
No data.
OpenCVE Enrichment
No data.