| عنوان | Mtons mblog 3.5.0 Observable Response Discrepancy |
|---|
| الوصف | An observable response discrepancy vulnerability exists in the Mtons mblog 3.5.0 application at the /login endpoint. The application's responses differ for invalid and valid usernames during login attempts, allowing attackers to determine the existence of user accounts. By analyzing the distinct responses, attackers can enumerate valid usernames and use this information to perform targeted attacks such as credential stuffing or brute force.
|
|---|
| المصدر | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ObservableDiscrepancy-UserLogin.md |
|---|
| المستخدم | vastzero (UID 78767) |
|---|
| ارسال | 27/12/2024 10:03 PM (1 سنة منذ) |
|---|
| الاعتدال | 08/01/2025 03:37 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 290790 [langhsu Mblog Blog System 3.5.0 /login الكشف عن المعلومات] |
|---|
| النقاط | 20 |
|---|