CVE-2019-14351

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters.
References
Link Resource
https://github.com/espocrm/espocrm/issues/1357 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:espocrm:espocrm:5.6.4:*:*:*:*:*:*:*

Information

Published : 2019-07-28 04:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-14351

Mitre link : CVE-2019-14351

Products Affected
No products.
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts