Inconsistent Error Messages in QMS Automotive Login Session Vulnerability

CVE-2023-40725 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during a login session. This allows an attacker to enumerate usernames and identify valid ones.
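
The weakness class described above, next to a hardened form, as an added example that is not QMS Automotive code or anything published by the vendor. The account store, function names, messages and iteration count are all constructed for illustration; the hardened version also spends the same hashing work on unknown usernames, which goes slightly beyond the message-only issue in the advisory.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample account store: username -> (salt, password hash)
USERS = {"alice": _make_record("correct horse battery staple")}
# Dummy record so an unknown username costs the same hashing work as a known one
_DUMMY_SALT, _DUMMY_HASH = _make_record("placeholder")

GENERIC_ERROR = "Invalid username or password"

def login_inconsistent(username, password):
    """Weak form: the message reveals which check failed."""
    if username not in USERS:
        return "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Wrong password"
    return "OK"

def login_uniform(username, password):
    """Hardened form: one message for every credential failure."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if username in USERS and matches:
        return "OK"
    return GENERIC_ERROR

def leaks_account_existence(login):
    """Regression check: do failed logins differ for a known vs. unknown username?"""
    bad_password = "definitely-not-the-password"
    return login("alice", bad_password) != login("no-such-user", bad_password)
```

`leaks_account_existence` can sit in a test suite for your own login handler so a later change that reintroduces distinct messages fails the build.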