inflixim4be/CVE-2020-15392

CVE-2020-15392
User Enumeration on Supravizio BPM 10.1.2


Description

A user enumeration vulnerability was found in Supravizio BPM, version 10.1.2. The issue occurs during password recovery, where a difference in the response messages could allow an attacker to determine whether a user is valid, enabling a brute-force attack against valid users.

Exploitation

To exploit this vulnerability, it is necessary to request a password recovery. When an invalid contact email is entered, the message "email not found" is displayed; when a valid email is entered, the message is "contact the system administrator".

PoC

  • Invalid User
  • Valid User
  • Brute Force - Invalid User
  • Brute Force - Valid User
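The message difference described above, next to a recovery handler that removes it, as an added example that is not Supravizio's code or part of this repository. The handler names, the generic message, the rate-limit values and the sample address are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import defaultdict, deque

USERS = {"alice@example.test"}  # constructed sample account store
GENERIC = (200, "If the address is registered, recovery instructions have been sent.")
THROTTLED = (429, "Too many requests.")
MAX_REQUESTS, WINDOW_SECONDS = 5, 300  # assumed limits, tune per deployment

_recent = defaultdict(deque)  # client id -> timestamps of recent requests


def recover_vulnerable(email):
    """Behaviour described above: the message reveals whether the account exists."""
    if email.lower() in USERS:
        return 200, "contact the system administrator"
    return 200, "email not found"


def recover_hardened(email, client, now, outbox):
    """Uniform reply for every address, plus a per-client sliding-window limit."""
    window = _recent[client]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()
    if len(window) >= MAX_REQUESTS:
        return THROTTLED  # decided before the lookup, so it is address-independent
    window.append(now)
    token = secrets.token_urlsafe(32)  # generated on both paths
    if email.lower() in USERS:
        # Queue for out-of-band delivery; persist only the token digest.
        digest = hashlib.sha256(token.encode()).hexdigest()
        outbox.append((email.lower(), token, digest))
    return GENERIC


def leaks_existence(handler, known, unknown):
    """Regression check: True when replies for the two addresses differ."""
    return handler(known) != handler(unknown)
```

`leaks_existence` can be kept in a test suite so that a later change to the recovery messages cannot reintroduce the difference unnoticed.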
