WS-2022-0450

Date: August 23, 2022

User Enumeration via Response Timing was discovered in heroiclabs/nakama through 3.15.0. There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. An attacker is able to identify valid email addresses and usernames. This could allow for further attacks such as brute force attacks on valid accounts.
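The sketch below is an added example, not Nakama's code and not part of the advisory. It shows one common cause of a login timing discrepancy (skipping the password hash when the account does not exist) beside a handler that does the same work on both paths. All names (`slowHash`, `loginLeaky`, `loginUniform`, the sample user store) are hypothetical, and iterated SHA-256 stands in for a real password KDF such as bcrypt.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

var hashCalls int // counts slow-hash invocations so per-path work is observable

// slowHash stands in for a real password KDF (bcrypt, argon2id): iterated SHA-256.
func slowHash(password, salt string) [32]byte {
	hashCalls++
	sum := sha256.Sum256([]byte(salt + password))
	for i := 0; i < 50000; i++ {
		sum = sha256.Sum256(sum[:])
	}
	return sum
}

type account struct{ salt string; hash [32]byte }

// Constructed sample store, plus a dummy record verified when no account exists.
var (
	users = map[string]account{"admin": {"s1", slowHash("correct horse", "s1")}}
	dummy = account{"dummy-salt", slowHash("dummy-password", "dummy-salt")}
)

// loginLeaky returns before hashing for unknown users, so they answer faster.
func loginLeaky(user, password string) bool {
	acct, ok := users[user]
	if !ok {
		return false
	}
	h := slowHash(password, acct.salt)
	return subtle.ConstantTimeCompare(h[:], acct.hash[:]) == 1
}

// loginUniform does the same hash and compare whether or not the user exists.
func loginUniform(user, password string) bool {
	acct, ok := users[user]
	if !ok {
		acct = dummy
	}
	h := slowHash(password, acct.salt)
	return subtle.ConstantTimeCompare(h[:], acct.hash[:]) == 1 && ok
}

func main() { fmt.Println(loginLeaky("admin", "correct horse"), loginUniform("nobody", "x")) }
```

Counting hash invocations per request, rather than measuring wall-clock time, gives a deterministic regression check that both paths do equal work.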

Language: Go

Severity Score

Weakness Type (CWE)

Observable Response Discrepancy

CWE-204

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
