CVE-2019-13599

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.848

Description The login process in the affected software allows attackers to determine whether a username is valid by comparing response times. This issue can potentially be exploited to gather information about valid usernames.

Recommendations For version 0.9.8.848, consider implementing a rate-limiting mechanism or a constant-time comparison function to prevent attackers from determining valid usernames based on response times. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.