CVE-2011-4678
06.12.2011, 11:55
The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests.Enginsight
| Vendor | Product | Version |
|---|---|---|
| oneclickorgs | one_click_orgs | 𝑥 ≤ 1.2.2 |
| oneclickorgs | one_click_orgs | 1.0.0 |
| oneclickorgs | one_click_orgs | 1.0.1 |
| oneclickorgs | one_click_orgs | 1.1.0 |
| oneclickorgs | one_click_orgs | 1.1.1 |
| oneclickorgs | one_click_orgs | 1.2.0 |
| oneclickorgs | one_click_orgs | 1.2.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration