Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bitrix Framework 安全漏洞
Vulnerability Description
Bitrix24是美国Bitrix公司的一套企业社交平台。该平台包括在线通讯、日历管理和CRM(客户关系管理)等功能。 Bitrix24 Bitrix Framework 存在安全漏洞,该漏洞源于管理登录表单中存在“用户枚举和过度身份验证尝试的不当限制”漏洞,允许远程用户枚举管理员组中的用户。这还允许对不在管理员组的用户的密码进行暴力攻击。
CVSS Information
N/A
Vulnerability Type
N/A