Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supplied was recognized as associated with a valid user. This behavior could be used as part of a two-stage automated attack. During the first stage, an attacker would iterate through a list of account names to determine which correspond to valid accounts. During the second stage, the attacker would use a list of common passwords to attempt to brute force credentials for accounts that were recognized by the system in the first stage.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zammad 安全漏洞
Vulnerability Description
Zammad是德国Zammad公司的一套票务管理软件。 Zammad 3.0版本至3.2版本中密码找回功能的实现存在安全漏洞,该漏洞源于应用程序会根据用户的输入是否与有效的用户账户有关来回复不同的响应。攻击者可借助大量的用户名和密码利用该漏洞获取用户的账户名和密码。
CVSS Information
N/A
Vulnerability Type
N/A