Username Enumeration Vulnerability in Cerebrate by Cerebrate Project
CVE-2022-25320

5.3MEDIUM

Key Information:

Vendor: Cerebrate-project
Status: Cerebrate
Vendor: CVE Published:; 18 February 2022

🔔 Create Cerebrate-project Vulnerability Alert

What is CVE-2022-25320?

A username enumeration vulnerability was identified in the Cerebrate application, specifically in version 1.4. This issue allows attackers to ascertain valid usernames by exploiting the application's response behavior, which can lead to unauthorized access attempts and credential stuffing attacks. It is crucial for users and administrators of Cerebrate to address this vulnerability to enhance their cybersecurity posture.

References

https://github.com/cerebrate-project/cerebrate/commit/88f...

https://zigrin.com/advisories/cerebrate-username-enumerat...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2022
Vulnerability Reserved
Feb 18, 2022

CVE-2022-25320 Data

JSON