PT-2020-13525 · Aviatrix · Aviatrix Controller
| Published | 2020-05-22 |
| Updated | 2021-12-01 |
| CVE | CVE-2020-13413 |
| CVSS v3.1 | 5.3 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Aviatrix Controller versions prior to 5.4.1204
Description
The issue is an Observable Response Discrepancy in the API: the response returned for an existing user account differs from the one returned for a non-existing account, so an attacker can tell the two apart and enumerate valid usernames by brute force, which in turn facilitates brute-force attacks on those accounts.
Recommendations
For versions prior to 5.4.1204, update to version 5.4.1204 or later to resolve the issue. As a temporary workaround, restrict access to the API to reduce exposure, and avoid using the API for user authentication until the update is applied.
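The response discrepancy described above and the uniform-response mitigation, as an added illustration in Python that is not Aviatrix code: the two login handlers, the user store and the salt are constructed for the example, and `responses_distinguishable` is a check a defender can run against a handler to confirm that failures for existing and non-existing accounts look the same.

```python
# Added illustration of CWE-204 (Observable Response Discrepancy) in a login
# API. Hypothetical handlers, not Aviatrix Controller code.
import hashlib
import hmac
import secrets

_SALT = b"constructed-salt"  # constructed; a real system uses a per-user salt


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password (work factor kept small)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user store: username -> password hash
USERS = {"alice": _hash("correct horse", _SALT)}
# Dummy hash so an unknown username still costs a full verification
_DUMMY = _hash(secrets.token_hex(8), _SALT)


def login_discrepant(username: str, password: str) -> tuple[int, str]:
    """Vulnerable pattern: status and message reveal whether the account exists."""
    stored = USERS.get(username)
    if stored is None:
        return 404, "unknown user"
    if hmac.compare_digest(stored, _hash(password, _SALT)):
        return 200, "ok"
    return 401, "bad password"


def login_uniform(username: str, password: str) -> tuple[int, str]:
    """Hardened pattern: one failure response and one hash computation
    whether or not the account exists, so neither message nor timing
    distinguishes an unknown user from a wrong password."""
    stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(stored, _hash(password, _SALT))
    if ok and username in USERS:
        return 200, "ok"
    return 401, "invalid credentials"


def responses_distinguishable(handler, known: str, unknown: str,
                              password: str = "wrong-password") -> bool:
    """True if a failed login for an existing account differs from one for
    a non-existing account, i.e. the handler leaks account existence."""
    return handler(known, password) != handler(unknown, password)
```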
Exploit
Fix
Side Channel Attack
Affected Products
Aviatrix Controller