Inconsistent Response Length in PublicCMS V4.0.180825 Allows for Brute-Force Attacks


CVE-2018-17368 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
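The response-length difference described above, as an added example that is not PublicCMS code: a hypothetical login handler whose failure body depends on username validity, a uniform variant, and a regression check a maintainer can run against their own handler. All function names, the user store and the HTML strings are constructed for illustration.

```python
import hashlib
import hmac

# Constructed credential store for the example (not PublicCMS data).
# Iteration count is kept low so the example runs quickly.
_SALT = b"constructed-salt"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 1000)

USERS = {"admin": _hash("correct horse")}
DUMMY = _hash("placeholder")  # compared against when the user does not exist

def login_leaky(username, password):
    """Failure body differs by username validity: the behaviour the advisory describes."""
    stored = USERS.get(username)
    if stored is None:
        return 200, "<p class='error'>Unknown user</p>"
    if not hmac.compare_digest(stored, _hash(password)):
        return 200, "<p class='error'>Wrong password for %s</p>" % username
    return 302, ""

def login_uniform(username, password):
    """Same status, same body and same hashing work for every failed attempt."""
    stored = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(stored, _hash(password))
    if not (matches and username in USERS):
        return 200, "<p class='error'>Invalid username or password</p>"
    return 302, ""

def failure_shapes(handler, usernames, password="wrong-password"):
    """Distinct (status, body length in bytes) pairs seen across failed logins."""
    shapes = set()
    for name in usernames:
        status, body = handler(name, password)
        shapes.add((status, len(body.encode("utf-8"))))
    return shapes

def is_uniform(handler, valid_user, invalid_users):
    """True when a failed login looks identical for valid and invalid usernames.

    Include an invalid name of the same length as the valid one, so a body that
    merely echoes the submitted name is not mistaken for the validity signal.
    """
    return len(failure_shapes(handler, [valid_user, *invalid_users])) == 1

if __name__ == "__main__":
    for handler in (login_leaky, login_uniform):
        print(handler.__name__, is_uniform(handler, "admin", ["admim", "nobody"]))
```
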
