← voltar
CVE-2017-16629

CVE-2017-16629

EPSS 1.2%
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://vuln.shellcoder.party/2020/07/18/cve-2017-16629-sapphireims-login-page-information-disclosure/https://vuln.shellcoder.party/tags/sapphireims/