Vulnerabilities > CVE-2020-9389 - Information Exposure Through Discrepancy vulnerability in Squaredup 4.6

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.

Vulnerable Configurations

Part Description Count
Application
Squaredup
2

Common Weakness Enumeration (CWE)