CVE-2018-17368
First published: Sun Sep 23 2018(Updated: )
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Publiccms Publiccms | =4.0.180825 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in PublicCMS V4.0.180825?
The vulnerability ID for this issue in PublicCMS V4.0.180825 is CVE-2018-17368.
What is the severity level of CVE-2018-17368?
The severity level of CVE-2018-17368 is medium.
How does CVE-2018-17368 make it easier to conduct brute-force attacks?
CVE-2018-17368 makes it easier to conduct brute-force attacks because the response length for an invalid login attempt is different depending on whether the username is valid.
What software versions are affected by CVE-2018-17368?
The PublicCMS V4.0.180825 version is affected by CVE-2018-17368.
Is there a fix for CVE-2018-17368?
Yes, there is a fix for CVE-2018-17368. It can be found in the reference link provided.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/publiccms
- canonical/publiccms publiccms
- version/publiccms publiccms/4.0.180825