The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2023-05-23T21:25:09.044Z

Updated: 2024-08-02T12:23:30.867Z

Reserved: 2023-03-10T03:50:27.023Z

Link: CVE-2023-28015

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-23T22:15:09.120

Modified: 2024-11-21T07:53:56.123

Link: CVE-2023-28015

cve-icon Redhat

No data.