First published: Mon Sep 09 2019
LimeSurvey before 3.17.14 allows remote attackers to brute-force the login form and enumerate usernames when the LDAP authentication method is used.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | <3.17.14 | |
CVE-2019-16180 is a vulnerability in LimeSurvey before version 3.17.14 that allows remote attackers to brute-force the login form and enumerate usernames when the LDAP authentication method is used.
Remote attackers can exploit CVE-2019-16180 by attempting to brute-force the login form and enumerate usernames when the LDAP authentication method is used.
The severity of CVE-2019-16180 is medium with a CVSS score of 5.3.
Versions of LimeSurvey up to but excluding version 3.17.14 are affected by CVE-2019-16180.
To fix CVE-2019-16180, update LimeSurvey to version 3.17.14.