A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NWebmin Usermin
APPWebmin2.100
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2015-2079CRITICAL9.9PL ✓ten sam produkt
RCE w Usermin przez błędne wywołanie Perl open() w uconfig_save.cgi
CVE-2022-35132HIGH8.8ten sam produkt
Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a fil...
CVE-2024-36453MEDIUM6.1ten sam produkt
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin v...
CVE-2023-41157MEDIUM5.4ten sam produkt
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject a...
CVE-2023-41156MEDIUM5.4ten sam produkt
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows r...