PT-2023-5182 · Unknown · Qms Automotive

Published 2023-09-12 · Updated 2023-09-14 · CVE-2023-40725

CVSS v3.1: 4.0 Medium
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39

Description: A vulnerability has been identified in QMS Automotive that allows an attacker to enumerate valid usernames: the application returns inconsistent error messages in response to invalid credentials during login, so the response to a failed login reveals whether the supplied username is valid. This issue is a form of information leakage in error messages, which can enable unauthorized access to protected information.

Recommendations: For versions prior to V12.39, update to version V12.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation. Additionally, avoid using the affected application for sensitive operations until the update is applied.
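The weakness described above, as an added example that is not code from QMS Automotive or from this advisory: a login handler that returns a different error for an unknown user than for a wrong password, beside a hardened version that returns one generic message and does the same hashing work on both failure paths. The user store, salt, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample user store: username -> salted password hash (illustration only).
_SALT = b"constructed-salt"


def _hash(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


USERS = {"alice": _hash("correct horse")}
# Dummy hash so the unknown-user path performs the same work as the known-user path.
_DUMMY = _hash(secrets.token_hex(16))

GENERIC = "Invalid username or password"


def login_vulnerable(username: str, password: str) -> tuple[bool, str]:
    """Pattern behind the advisory: distinct failure messages reveal which usernames exist."""
    stored = USERS.get(username)
    if stored is None:
        return False, "Unknown user"
    if not hmac.compare_digest(stored, _hash(password)):
        return False, "Incorrect password"
    return True, "Welcome"


def login_hardened(username: str, password: str) -> tuple[bool, str]:
    """Single failure message; a missing user still hashes, so the paths look alike."""
    stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(stored, _hash(password)) and username in USERS
    return (True, "Welcome") if ok else (False, GENERIC)


def failure_messages(login, attempts) -> set[str]:
    """Distinct failure messages a handler produces over (username, password) attempts.

    A test harness can assert this set has exactly one element; more than one
    means failed logins leak information about account existence.
    """
    seen = set()
    for user, pw in attempts:
        ok, msg = login(user, pw)
        if not ok:
            seen.add(msg)
    return seen
```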

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2023-05775
CVE-2023-40725

Affected Products

Qms Automotive