Vulnerabilities

CVE-2013-6020

by Fred · 27/10/2013

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.

Date published : 2013-10-27

http://www.kb.cert.org/vuls/id/911678

Similar

Tags: Cybersecurity Alert