PT-2023-12997 · Entab Erp · Entab Erp
Published: 2023-04-16 · Updated: 2025-02-06 · CVE-2022-30076
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ENTAB ERP version 1.0
Description: The issue allows attackers to discover users' full names by brute force, trying a series of student usernames such as s10000 through s20000, because the login endpoint applies no rate limiting.
Recommendations: For ENTAB ERP version 1.0, implement rate limiting on login attempts to prevent brute force attacks. As a temporary workaround, restrict access to the student username series to minimize the risk of exploitation, and avoid using sequential student usernames until the issue is resolved.
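To detect the probing this advisory describes on the defender's side, here is an added example (not from the advisory, the vendor, or the product's own code) that scans constructed login-attempt log lines and flags a client that tries many distinct sequential student usernames within a short window; the log format, the sample lines and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample of login-attempt log lines (not from the advisory or the vendor):
# "<epoch seconds> <client_ip> <username> <result>"
SAMPLE_LOG = """\
1681603200 203.0.113.7 s10000 fail
1681603201 203.0.113.7 s10001 fail
1681603201 203.0.113.7 s10002 fail
1681603202 203.0.113.7 s10003 fail
1681603202 203.0.113.7 s10004 fail
1681603203 203.0.113.7 s10005 fail
1681603210 198.51.100.4 s14231 fail
1681603215 198.51.100.4 s14231 ok
"""

STUDENT_USER = re.compile(r"^s(\d{5})$")  # sequential student IDs as in the advisory

def find_enumeration(log_text, window_seconds=60, min_distinct=5):
    """Return {client_ip: [usernames...]} for clients that tried at least
    `min_distinct` different student usernames within `window_seconds`.
    Distinct usernames (rather than raw attempt count) is the signal: a user
    mistyping one password hits the same username repeatedly."""
    seen = defaultdict(deque)   # ip -> deque of (ts, username) inside the window
    flagged = {}
    for line in log_text.splitlines():
        ts, ip, user, _result = line.split()
        if not STUDENT_USER.match(user):
            continue
        ts = int(ts)
        q = seen[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window_seconds:   # drop attempts outside the window
            q.popleft()
        distinct = {u for _, u in q}
        if len(distinct) >= min_distinct:
            flagged[ip] = sorted(distinct)           # keep the latest set for this client
    return flagged

def is_sequential(usernames):
    """True if the student IDs form a contiguous run such as s10000..s10005."""
    ids = sorted(int(STUDENT_USER.match(u).group(1)) for u in usernames)
    return all(b - a == 1 for a, b in zip(ids, ids[1:]))

if __name__ == "__main__":
    for ip, users in find_enumeration(SAMPLE_LOG).items():
        print(ip, "enumerated", len(users), "usernames; sequential:", is_sequential(users))
```

The same per-client counting, applied at request time rather than over a log, is the rate limit the recommendation above asks for.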

Weakness Enumeration: Improper Restriction of Excessive Authentication Attempts
Related Identifiers: CVE-2022-30076
Affected Products: Entab Erp