Observable Response Discrepancy

CVE-2024-33856

Medium

5.3/10

Summary

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-204 - Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

References

Advisory Timeline

Published May 07, 2024

Observable Response Discrepancy

CVE-2024-33856

Summary

CWE-204 - Observable Response Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS