PT-2022-16426 · Adenza · Adenza Axiomsl Controllerview
Published: 2022-01-30 · Updated: 2023-08-08 · CVE-2022-24032
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Adenza AxiomSL ControllerView versions through 10.8.1
Description
The issue allows an attacker to identify valid usernames on the platform due to a difference in error messages produced by failed login attempts when the username is valid.
Recommendations
For Adenza AxiomSL ControllerView versions through 10.8.1, consider modifying the login error messages to be uniform, regardless of the username's validity, to prevent user enumeration. As a temporary workaround, restrict access to the login functionality to minimize the risk of exploitation.
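The uniform-error recommendation above, as an added Python sketch (not Adenza's code): a login routine whose failure message depends on username validity, a hardened form, and a regression check that compares the two failure responses. The user store, function names and message strings are hypothetical, and the dummy-hash step that equalizes work for unknown usernames goes beyond the message fix the advisory describes.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # kept low so the demo runs quickly; tune for production
GENERIC_ERROR = "Invalid username or password."  # hypothetical wording


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample user store (hypothetical account).
USERS = {"alice": _make_record("correct horse")}
# Dummy record: unknown usernames still go through one full hash comparison.
_DUMMY = _make_record("placeholder")


def login_leaky(username: str, password: str):
    """Failure message differs by username validity (the reported pattern)."""
    user = USERS.get(username)
    if user is None:
        return False, "Unknown user."
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "Incorrect password."
    return True, "OK"


def login_uniform(username: str, password: str):
    """Same message and same hashing work whether or not the user exists."""
    user = USERS.get(username)
    record = user if user is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is not None and matches:
        return True, "OK"
    return False, GENERIC_ERROR


def leaks_username_validity(login, known_user, absent_user, wrong_password="x"):
    """Regression check: True if failed logins are distinguishable."""
    return login(known_user, wrong_password) != login(absent_user, wrong_password)
```

The same comparison can be run in a test suite against a real login endpoint by comparing status code, body and headers of the two failure responses.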
Side Channel Attack
Affected Products
Adenza Axiomsl Controllerview