CVE-2024-8891

Name of the Vulnerable Software and Affected Versions: CIRCUTOR Q-SMT version 1.0.4

Description: An attacker with no knowledge of the current users in the web application could build a dictionary of potential users and check the server responses, as it indicates whether or not the user is present.

Recommendations: For CIRCUTOR Q-SMT version 1.0.4, consider restricting access to the user enumeration functionality until a patch is available. As a temporary workaround, limit the number of login attempts to prevent brute-force attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.