PT-2020-15619 · Umanni · Umanni Rh

Inflixim4Be · Published 2020-08-26 · Updated 2021-07-21 · CVE-2020-24008

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Umanni RH version 1.0

Description: The issue is related to user enumeration during password recovery. It allows an attacker to determine if a user is valid or not based on differences in messages, potentially enabling a brute force attack with valid users.

Recommendations: For Umanni RH version 1.0, consider modifying the password recovery mechanism to return generic messages for all attempts, regardless of the user's validity, to prevent user enumeration. As a temporary workaround, restrict access to the password recovery feature until a more robust solution is implemented.
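
The recommendation above, sketched as an added example (not Umanni RH code and not part of the original advisory): a recovery handler whose response differs by account existence, next to one that returns the same generic response for every request, plus a regression check a team can keep in its test suite. The user store, mail queue, messages and function names are all hypothetical.

```python
import hashlib
import secrets

# Constructed sample data: not taken from Umanni RH.
USERS = {"alice@example.test": {"id": 1}}
OUTBOX = []          # stands in for a mail queue
RESET_TOKENS = {}    # sha256(token) -> user id

GENERIC = (200, "If that address is registered, a reset link has been sent.")


def recover_vulnerable(email):
    """Leaky pattern: status code and body differ by account existence."""
    if email.strip().lower() not in USERS:
        return (404, "User not found.")
    return (200, "Reset instructions sent to your e-mail.")


def recover_hardened(email):
    """Same status and body for every request; side effects only if valid."""
    address = email.strip().lower()
    user = USERS.get(address)
    if user is not None:
        token = secrets.token_urlsafe(32)
        # Store only a hash so a database leak does not expose live tokens.
        RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = user["id"]
        OUTBOX.append((address, token))
    return GENERIC


def leaks_account_existence(handler, known, unknown):
    """Regression check: True if responses for known/unknown users differ."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for h in (recover_vulnerable, recover_hardened):
        print(h.__name__, leaks_account_existence(
            h, "alice@example.test", "nobody@example.test"))
```

The check compares only status and message, which is the difference this advisory describes; it does not measure response timing.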

Exploit

Fix

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2020-24008

Affected Products

Umanni Rh