User Enumeration Vulnerability in mbCONNECT24 <= 2.9.0
CVE-2021-34580 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Learn more about our Cis Benchmark Audit For Server Software.