User Enumeration Vulnerability in Reprise RLM 14.2

User Enumeration Vulnerability in Reprise RLM 14.2

CVE-2021-44155 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.

Learn more about our User Device Pen Test.