Vulnerability Details CVE-2021-44155
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.4%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
- https://www.reprisesoftware.com/RELEASE_NOTES
- http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html
- https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes
- https://www.reprisesoftware.com/RELEASE_NOTES
Products affected by CVE-2021-44155
-
cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2
-
cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2bl4
-
cpe:2.3:a:reprisesoftware:reprise_license_manager:15.0