← Volver a CVEs
CVE-2020-23283
HIGH7.5
Descripcion
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker to know valid users from the application's database via brute force.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/21/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
mv:mconnect
Debilidades (CWE)
CWE-307
Referencias
https://github.com/ifmacedo/mconnect/blob/main/bruteforce(cve@mitre.org)
https://github.com/ifmacedo/mconnect/blob/main/bruteforce(af854a3a-2127-422b-91ae-364da2661108)
https://www.linkedin.com/pulse/descobrindo-usu%C3%A1rios-brute-force-iran/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.