CVE-2023-26071

Name of the Vulnerable Software and Affected Versions MCUBO ICT versions 6.0.2 through 10.12.4

Description An issue in the login web page of the affected software can lead to an Observable Response Discrepancy. This discrepancy occurs because the web application provides different responses to incoming requests, revealing internal state information to unauthorized actors. As a result, an unauthorized actor can perform User Enumeration attacks.

Recommendations For versions 6.0.2 through 10.12.4, consider restricting access to the login web page until a patch is available. As a temporary workaround, disabling the login functionality can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.