CVE-2024-47059

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 18, 2024
Updated: Sep 20, 2024
CWE ID 200

Summary

CVE-2024-47059 affects certain products, including 'yw4UwZ' and 'yw4_-B', by exposing a vulnerability that allows for username enumeration during the login process. When a correct username is paired with a weak password, the application indicates the password's weakness, but when an incorrect username is used with a weak password, it simply responds with "Invalid credentials." This discrepancy can be exploited by attackers to ascertain valid usernames in an organization, posing a low to medium confidentiality risk. To remediate this issue, it is recommended that developers implement uniform responses for both scenarios to prevent revealing whether usernames are valid. The vulnerability has been rated with a CVSS base score of 4.3, indicating moderate severity and low privilege requirements for exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share