Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability - CVE-2019-14351 - Vulnerability Database
EspoCRM

EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability - CVE-2019-14351

High
Reference: CVE-2019-14351
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-14351
Title: EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability
Overview:

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/UserfilterList filters.