SquaredUp up to 4.5.x Login timing discrepancy

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in SquaredUp up to 4.5.x. It has been declared as problematic. This vulnerability affects an unknown code of the component Login. Upgrading to version 4.6.0 eliminates this vulnerability.

Field	02/04/2021 10:52 AM	02/23/2021 01:43 PM
name	SquaredUp	SquaredUp
version	<=4.5.x	<=4.5.x
component	Login	Login
cwe	208	208
cvss3_vuldb_ac	H	H
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	N	N
cvss3_vuldb_a	N	N
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
url	https://support.squaredup.com/hc/en-us/articles/360017255858	https://support.squaredup.com/hc/en-us/articles/360017255858
name	Upgrade	Upgrade
upgrade_version	4.6.0	4.6.0
cve	CVE-2020-9389	CVE-2020-9389
date	1612393200 (02/04/2021)	1612393200 (02/04/2021)
cvss2_vuldb_ac	H	H
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	N	N
cvss2_vuldb_ai	N	N
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_av	A	A
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_av	A	A
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	1.4	1.4
cvss2_vuldb_tempscore	1.4	1.2
cvss3_vuldb_basescore	2.6	2.6
cvss3_vuldb_tempscore	2.6	2.5
cvss3_meta_basescore	2.6	2.6
cvss3_meta_tempscore	2.6	2.5
price_0day	$0-$5k	$0-$5k
cve_assigned		1582585200
cve_nvd_summary		A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.
confirm_url		https://support.squaredup.com/hc/en-us/articles/360017255858

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!