PT-2014-6300 · Innovative Interfaces · Innovative Interfaces Sierra Library Services Platform+1
Published: 2014-09-02 · Updated: 2018-10-09 · CVE-2014-5137
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Innovative Interfaces Sierra Library Services Platform version 1.2 3
Description
The issue allows remote attackers to enumerate account names via a series of login requests. This is possibly related to the Webpac Pro submodule, where different responses are provided for login requests depending on whether the user account exists.
Recommendations
For Innovative Interfaces Sierra Library Services Platform version 1.2 3, consider restricting access to the login functionality to minimize the risk of account enumeration until a patch is available.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Innovative Interfaces Sierra Library Services Platform
Webpac Pro