A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2023-09-12T09:32:25.460Z

Updated: 2024-08-02T18:38:51.252Z

Reserved: 2023-08-21T10:57:08.485Z

Link: CVE-2023-40725

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-09-12T10:15:28.917

Modified: 2023-09-14T16:46:06.480

Link: CVE-2023-40725

cve-icon Redhat

No data.