CVE-2021-34580

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2021-037/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

Information

Published : 2021-10-27 11:15

Updated : 2021-11-01 05:37


NVD link : CVE-2021-34580

Mitre link : CVE-2021-34580

Products Affected
No products.
CWE