CVE-2021-34580

Summary

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.

Affected Software

VendorProductVersion RangeStatus
MB connect linemymbCONNECT242.9.0 <= 2.9.0affected
MB connect linembCONNECT242.9.0 <= 2.9.0affected

Weaknesses

  • CWE-204: CWE-204 Response Discrepancy Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References