CVE-2024-47059
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-47059 affects certain products, including 'yw4UwZ' and 'yw4_-B', by exposing a vulnerability that allows for username enumeration during the login process. When a correct username is paired with a weak password, the application indicates the password's weakness, but when an incorrect username is used with a weak password, it simply responds with "Invalid credentials." This discrepancy can be exploited by attackers to ascertain valid usernames in an organization, posing a low to medium confidentiality risk. To remediate this issue, it is recommended that developers implement uniform responses for both scenarios to prevent revealing whether usernames are valid. The vulnerability has been rated with a CVSS base score of 4.3, indicating moderate severity and low privilege requirements for exploitation.
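The discrepancy described in the summary and the recommended uniform response, as an added Python example (not code from the affected products). The user store, the weak-password wording, the 8-character policy and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

GENERIC = "Invalid credentials."       # message quoted in the summary
WEAK = "Password is too weak."         # assumed wording

def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _record(password: str):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

USERS = {"alice": _record("correct-horse-battery")}   # constructed account
DUMMY = _record("unused")   # verified against when the username is unknown

def is_weak(password: str) -> bool:
    return len(password) < 8            # assumed policy

def login_vulnerable(username: str, password: str) -> str:
    user = USERS.get(username)
    if user is None:
        return GENERIC
    if is_weak(password):
        return WEAK                     # reachable only for a valid username
    salt, stored = user
    return "OK" if hmac.compare_digest(_hash(password, salt), stored) else GENERIC

def login_hardened(username: str, password: str) -> str:
    # Same hashing work and same answer whether or not the account exists.
    salt, stored = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if not (matches and username in USERS):
        return GENERIC
    # Policy feedback is given only after the password has been verified.
    return WEAK if is_weak(password) else "OK"

def responses_differ(login) -> bool:
    """Regression check: does a weak password get different answers
    for an existing and a non-existing username?"""
    return login("alice", "123") != login("no-such-user", "123")
```

`responses_differ` can be kept as a regression test so that a later change to the login flow does not reintroduce the distinguishable response.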