Username enumeration using the forget password endpoint

Rushmi Bhuju

February 04, 2025 08:41

Follow

Advisory ID: LVD-2024-0002

CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSSv 3.1 Base Score: 5.3

Severity: Medium

CVE: CVE-2024-33856

CWE: CWE-204

Date Published: 2024-04-30

Description:

An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

Affected Product:

Logpoint versions before 7.4.0

Solution:

Upgrade to Logpoint v7.4.0

Acknowledgments: -

Comments

Article is closed for comments.

By clicking “I Agree & Download”, you confirm that you have reviewed the prerequisites and key information for Logpoint version 7.8.0. You acknowledge that this version requires firewall port 8443 to be opened in environments where a firewall exists between distributed Logpoint components (for example, between nodes or collectors). Failure to apply the required firewall changes may impact system functionality.
For more details, please review the following article:
https://servicedesk.logpoint.com/hc/en-us/articles/33742792586653-Change-in-LP-LP-Communication-Firewall-Requirement-from-7-8-0

Please ensure that all prerequisite requirements are met before proceeding with this installation or upgrade.

Cancel I Agree & Download

Privacy policy EULA Terms of service

Note: We use cookies that are essential for the smooth functioning of our website.

Comments

Related articles