CVE-2014-1931

The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
visibility_softwarecyber_recruiter
𝑥
≤ 8.0
visibility_softwarecyber_recruiter
6.2
visibility_softwarecyber_recruiter
6.4
visibility_softwarecyber_recruiter
6.6
visibility_softwarecyber_recruiter
6.8
visibility_softwarecyber_recruiter
7.0
visibility_softwarecyber_recruiter
7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/65564
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details
http://www.securityfocus.com/bid/65564
http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details