In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mbconnectline mbconnect24 |
||
mbconnectline mymbconnect24 |