Soumettre #808295: Industrial Application Software - IAS Canias ERP 8.03-- Observable Response Discrepancy (CWE-204)information

TitreIndustrial Application Software - IAS Canias ERP 8.03-- Observable Response Discrepancy (CWE-204)
DescriptionA vulnerability has been found in Industrial Application Software caniasERP 8.03 and classified as medium. The affected function is doAction of the component Login RMI Interface (default TCP port 27499). The manipulation leads to information disclosure through observable response discrepancy (CWE-204). The attack can be launched remotely without authentication. The server returns distinct status codes for non-existent usernames (USERNOTFOUND, code 1) versus incorrect passwords (USERWRONGPASSWORD, code 2), enabling systematic enumeration of all valid user accounts. The iasLoginResponseStatus enum defines 35 distinct codes, allowing an attacker to determine with certainty whether a given username exists without knowing any valid password. Discovered by Bilal Güneş (@b1lal) of HawkTrace.
La source⚠️ https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624
Utilisateur
 b1lal (UID 97312)
Soumission20/04/2026 18:07 (il y a 1 mois)
Modérer09/05/2026 18:33 (19 days later)
StatutAccepté
Entrée VulDB362458 [Industrial Application Software IAS Canias ERP 8.03 Login RMI Interface doAction divulgation d'information]
Points20

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!