We found results for “”
WS-2022-0416
Good to know:
Date: November 5, 2022
User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the response body, response headers or sometimes, in the response delay. In your application, user enumeration occurs when a user requests a password reset.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Information Leak / Disclosure
CWE-200Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |