CVE-2017-16629

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Common Weakness Enumeration
References
https://vuln.shellcoder.party/2020/07/18/cve-2017-16629-sapphireims-login-page-information-disclosure/
https://vuln.shellcoder.party/tags/sapphireims/
https://vuln.shellcoder.party/2020/07/18/cve-2017-16629-sapphireims-login-page-information-disclosure/
https://vuln.shellcoder.party/tags/sapphireims/