CVE-2021-46434

Name of the Vulnerable Software and Affected Versions EMQ X Dashboard version 3.0.0

Description The issue concerns username enumeration in the "/api/v3/auth" interface. When a user logs in, the application returns different results depending on whether the account is correct, allowing an attacker to determine if a given username is valid.

Recommendations For EMQ X Dashboard version 3.0.0, as a temporary workaround, consider restricting access to the "/api/v3/auth" interface until a patch is available. Avoid using this interface for user authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.