CVE-2018-1073 in ovirt-engineinformazioni

Riassunto

di MITRE

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsabile

Red Hat, Inc.

Prenotare

04/12/2017

Divulgazione

19/06/2018

Moderazione

accettato

Voce

VDB-119657

CPE

pronto

CWE

CWE-200 (confermato)

CVSS

5.3 (NVD)

EPSS

0.01908

KEV

Attività

molto basso

Settore

Insurance, Hostingprovider, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-1073
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-1073
CVE Details	https://www.cvedetails.com/cve/CVE-2018-1073/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to know what is going to be exploited?

We predict KEV entries!