CS&T CorporateTime for the Web returns different error...
Moderate severity
Unreviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Dec 11, 2000
Published to the GitHub Advisory Database
Apr 30, 2022
Last updated
Jan 30, 2023
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.
References