User Enumeration Vulnerability in mbCONNECT24 <= 2.9.0

User Enumeration Vulnerability in mbCONNECT24 <= 2.9.0

CVE-2021-34580 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.

Learn more about our Cis Benchmark Audit For Server Software.