Username Enumeration Vulnerability in Logpoint Software
CVE-2024-33856

Currently unrated

Key Information:

Vendor: Logpoint
Status: Logpoint Software
Vendor: CVE Published:; 7 May 2024

What is CVE-2024-33856?

An exploit was identified in Logpoint before version 7.4.0, allowing attackers to determine valid usernames by analyzing the response times from the Forgot Password endpoint. This vulnerability could enable the attacker to compile a list of active accounts, increasing the risk of unauthorized access and further attacks on affected systems.

References

https://servicedesk.logpoint.com/hc/en-us/categories/2008...

https://servicedesk.logpoint.com/hc/en-us/articles/185335...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Apr 27, 2024