CVE-2024-2464

CVSS V2 None CVSS V3 None
Description
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.
Overview
  • CVE ID
  • CVE-2024-2464
  • Assigner
  • CERT-PL
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-03-21T14:50:13.935Z
  • Last Modified Date
  • 2024-03-21T14:50:13.935Z
References
Reference URL Reference Tags
https://cert.pl/en/posts/2024/03/CVE-2024-2463/ third-party-advisory
https://cert.pl/posts/2024/03/CVE-2024-2463/ third-party-advisory
https://cdex.cloud/ product
History
Created Old Value New Value Data Type Notes
2024-06-25 23:20:38 Added to TrackCVE