An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.
References
Link | Resource |
---|---|
https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EeKCnV76jG5Pn9Ud30fTlesBlk-SZS3uFU80Gt8IEWiE4Q?e=Tdmabs | Vendor Advisory |
https://twitter.com/FIMERspa | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-03T10:02:07
Updated: 2021-11-03T10:02:07
Reserved: 2021-05-19T00:00:00
Link: CVE-2021-33209
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-03T11:15:08.143
Modified: 2021-11-05T11:51:18.543
Link: CVE-2021-33209
JSON object: View
Redhat Information
No data.
CWE