CVE-2017-16629

CVE-2017-16629

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" – it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" – it gives an error "Authentication failed. Please login again."

Source: CVE-2017-16629

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.