| Title | Mtons mblog 3.5.0 Observable Response Discrepancy |
|---|
| Description | An observable response discrepancy vulnerability exists in the Mtons mblog 3.5.0 application at the /login endpoint. The application's responses differ for invalid and valid usernames during login attempts, allowing attackers to determine the existence of user accounts. By analyzing the distinct responses, attackers can enumerate valid usernames and use this information to perform targeted attacks such as credential stuffing or brute force.
|
|---|
| Source | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/mblog/ObservableDiscrepancy-UserLogin.md |
|---|
| User | vastzero (UID 78767) |
|---|
| Submission | 12/27/2024 22:03 (1 Year ago) |
|---|
| Moderation | 01/08/2025 15:37 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 290790 [langhsu Mblog Blog System 3.5.0 /login response discrepancy] |
|---|
| Points | 20 |
|---|