CVE-2023-3897
Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page
Username enumeration is possible by bypassing the CAPTCHA in the On-premise SureMDM Solution on Windows deployments, which allows an attacker to enumerate local user information via the error message.
This issue affects SureMDM On-premise version 6.31 and below.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected products
Onpremise SureMDM Solution · SureMDM Onpremise
Public PoCs found: 3
github: github.com/jFriedli/CVE-2023-3897 (★ 0, cve_reference)
packetstorm: packetstormsecurity.com/files/177179/SureMDM-On-Premise-CAPTCHA-Bypass-User-Enumeration.html (unverified)
exploitdb: www.exploit-db.com/exploits/51804 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.