| 제목 | Mtons mblog 3.5.0 Observable Response Discrepancy |
|---|
| 설명 | An observable response discrepancy vulnerability exists in the Mtons mblog 3.5.0 application at the /login endpoint. The application's responses differ for invalid and valid usernames during login attempts, allowing attackers to determine the existence of user accounts. By analyzing the distinct responses, attackers can enumerate valid usernames and use this information to perform targeted attacks such as credential stuffing or brute force.
|
|---|
| 원천 | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ObservableDiscrepancy-UserLogin.md |
|---|
| 사용자 | vastzero (UID 78767) |
|---|
| 제출 | 2024. 12. 27. PM 10:03 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 08. PM 03:37 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 290790 [langhsu Mblog Blog System 3.5.0 /login 정보 공개] |
|---|
| 포인트들 | 20 |
|---|