CVE-2019-18986
N/A
N/A
Summary
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/pimcore/pimcore/compare/v6.2.1…v6.2.2
- https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185
References
- https://github.com/pimcore/pimcore/compare/v6.2.1…v6.2.2
- https://github.com/pimcore/pimcore/commit/4a7bba5c3f818852cbbd29fa124f7fb09a207185
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.