Inconsistent Error Messages in QMS Automotive Login Session Vulnerability
CVE-2023-40725 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during a login session. This allows an attacker to enumerate usernames and identify which of them are valid.