For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NSick Field Analytics
APPSickwszystkie wersje
Powiązane podatności
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a ...
A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a...
The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server in...
The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to infor...