Username Enumeration Vulnerability in EMQ X Dashboard by EMQ Technologies
CVE-2021-46434

5.3MEDIUM

Key Information:

Vendor: EMQx
Status: EMQx
Vendor: CVE Published:; 28 March 2022

Summary

The EMQ X Dashboard version 3.0.0 is susceptible to a username enumeration vulnerability within the '/api/v3/auth' interface. During the login process, the application exhibits different behaviors based on the validity of the username provided, allowing an attacker to determine if a username is valid or not. This weakness can potentially be exploited to facilitate further attacks, including unauthorized access to accounts.

References

https://github.com/emqx/emqx/issues/6791

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2022
Vulnerability Reserved
Jan 24, 2022