NuytsTech Security

CVE-2021-34580

by ·

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. Date published : 2021-10-27 https://cert.vde.com/en/advisories/VDE-2021-037/

Tags: