| Title | Antabot White-Jotter 0.2.2 Observable Response Discrepancy |
|---|---|
| Description | An observable response discrepancy vulnerability exists in the Antabot White-Jotter 0.2.2 application at the /login endpoint. During the login process, the server can return two different responses, "User does not exist" or "Wrong password". This allows attackers to determine the existence of user accounts. By analyzing the distinct responses, attackers can enumerate valid usernames and use this information to perform targeted attacks such as credential stuffing. |
| Source | https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ObservableDiscrepancy-UserLogin.md |
| User | vastzero (UID 78767) |
| Submission | 12/18/2024 17:34 (1 Year ago) |
| Moderation | 12/29/2024 09:28 (11 days later) |
| Status | Accepted |
| VulDB entry | 289721 [Antabot White-Jotter up to 0.2.2 /login Username response discrepancy] |
| Points | 20 |