You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database
Impact is low, as rate-limiting prevent any scanning attempt, so you need to know in advance what you are looking for (and the account name "admin" is forbidden anyway).
Patches
Patched in 0.17.7
Credits
found by "Hannes Michel at Basalt IT-security team"
H4NM Reporter
Impact
By monitoring the error code returned in the login, it is possible to figure out whether a user exist or not in the database
Impact is low, as rate-limiting prevent any scanning attempt, so you need to know in advance what you are looking for (and the account name "admin" is forbidden anyway).
Patches
Patched in 0.17.7
Credits
found by "Hannes Michel at Basalt IT-security team"