First published: Sun Sep 23 2018(Updated: )
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Publiccms Publiccms | =4.0.180825 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue in PublicCMS V4.0.180825 is CVE-2018-17368.
The severity level of CVE-2018-17368 is medium.
CVE-2018-17368 makes it easier to conduct brute-force attacks because the response length for an invalid login attempt is different depending on whether the username is valid.
The PublicCMS V4.0.180825 version is affected by CVE-2018-17368.
Yes, there is a fix for CVE-2018-17368. It can be found in the reference link provided.