Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 25/07/2023 Updated: 19/02/2024

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows malicious user to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version

Vulnerable Product	Search on Vulmon	Subscribe to Product
42gears suremdm

# Exploit Title: SureMDM On-premise < 631 - CAPTCHA Bypass User Enumeration # Date: 05/12/2023 # Exploit Author: Jonas Benjamin Friedli # Vendor Homepage: www42gearscom/products/mobile-device-management/ # Version: <= 631 # Tested on: 631 # CVE : CVE-2023-3897 import requests import sys def print_help(): print("Usage: pytho ...

SureMDM On-Premise versions prior to 631 suffer from CAPTCHA bypass and user enumeration vulnerabilities ...

CWE-203 https://www.42gears.com/security-and-compliance http://packetstormsecurity.com/files/177179/SureMDM-On-Premise-CAPTCHA-Bypass-User-Enumeration.html https://nvd.nist.gov https://www.exploit-db.com/exploits/51804

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-3897

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect