SquaredUp up to 4.5.x Login timing discrepancy


A vulnerability was found in SquaredUp up to 4.5.x. It has been declared as problematic. The vulnerability affects unknown code of the Login component. Upgrading to version 4.6.0 eliminates this vulnerability.

| Field | 02/04/2021 10:52 AM | 02/23/2021 01:43 PM |
|---|---|---|
| name | SquaredUp | SquaredUp |
| version | <=4.5.x | <=4.5.x |
| component | Login | Login |
| cwe | 208 | 208 |
| cvss3_vuldb_ac | H | H |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://support.squaredup.com/hc/en-us/articles/360017255858 | https://support.squaredup.com/hc/en-us/articles/360017255858 |
| name | Upgrade | Upgrade |
| upgrade_version | 4.6.0 | 4.6.0 |
| cve | CVE-2020-9389 | CVE-2020-9389 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_ac | H | H |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 1.4 | 1.4 |
| cvss2_vuldb_tempscore | 1.4 | 1.2 |
| cvss3_vuldb_basescore | 2.6 | 2.6 |
| cvss3_vuldb_tempscore | 2.6 | 2.5 |
| cvss3_meta_basescore | 2.6 | 2.6 |
| cvss3_meta_tempscore | 2.6 | 2.5 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1582585200

cve_nvd_summary: A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.

confirm_url: https://support.squaredup.com/hc/en-us/articles/360017255858
