Vulnerabilities > CVE-2019-13599 - Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
control-webpanel
CWE-203

Summary

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.

Vulnerable Configurations

Part Description Count
Application
Control-Webpanel
1

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/154164/cwp098848-enumerate.txt
idPACKETSTORM:154164
last seen2019-09-07
published2019-08-20
reporterPongtorn Angsuchotmetee
sourcehttps://packetstormsecurity.com/files/154164/CentOS-WebPanel.com-Control-Web-Panel-CWP-0.9.8.848-User-Enumeration.html
titleCentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration