CVE-2020-9389

Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0

Description: A username enumeration issue was discovered in the login functionality, allowing a malicious user to guess valid usernames due to different response times from invalid usernames.

Recommendations: For versions prior to 4.6.0, update to version 4.6.0 or later to resolve the issue. As a temporary workaround, consider implementing rate limiting or IP blocking to minimize the risk of exploitation. Restrict access to the login functionality to trusted users and networks until the update is applied.