CVE-2020-7231

Name of the Vulnerable Software and Affected Versions Evoko Home version 1.31

Description The issue concerns different error messages being provided for failed login requests, depending on whether the username is valid. This distinction in error messages could potentially be used to determine valid usernames.

Recommendations For Evoko Home version 1.31, consider modifying the login error response to provide a generic message that does not distinguish between valid and invalid usernames until a patch is available. As a temporary workaround, restrict access to the login functionality to minimize the risk of exploitation.