When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.
However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification.
This difference could be used to perform username enumeration.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mautic
Mautic mautic |
|
CPEs | cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mautic
Mautic mautic |
|
Metrics |
ssvc
|
Wed, 18 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This difference could be used to perform username enumeration. | |
Title | Users enumeration - weak password login | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mautic
Published: 2024-09-18T21:19:26.951Z
Updated: 2024-09-19T15:39:49.519Z
Reserved: 2024-09-17T13:41:00.585Z
Link: CVE-2024-47059
Vulnrichment
Updated: 2024-09-19T15:39:44.235Z
NVD
Status : Received
Published: 2024-09-18T22:15:04.650
Modified: 2024-09-18T22:15:04.650
Link: CVE-2024-47059
Redhat
No data.