CVE-2021-44155

Name of the Vulnerable Software and Affected Versions: Reprise RLM version 14.2

Description: An issue was discovered in the "/goform/login process" API endpoint in Reprise RLM. When an attacker attempts to login, the response if a username is valid includes "Login Failed", but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.

Recommendations: For Reprise RLM version 14.2, as a temporary workaround, consider restricting access to the "/goform/login process" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.