PT-2021-24396 · Ibexa · Ibexa Open Source+2
Published
2021-03-11
·
Updated
2021-03-11
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
eZ Platform versions 1.13, 2.5, and 3.2
Ibexa DXP and Ibexa Open Source version 3.3
Description:
The issue allows an attacker to detect if a given username or email refers to a valid account through differences in the response data or response time of certain requests to the "user/sessions" endpoint.
Recommendations:
For eZ Platform versions 1.13, 2.5, and 3.2, update via Composer to ensure the fix is applied.
For Ibexa DXP and Ibexa Open Source version 3.3, update via Composer to ensure the fix is applied.
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibexa Dxp
Ibexa Open Source
Ez Platform