Vulnerabilities > CVE-2022-40084 - Information Exposure Through Discrepancy vulnerability in Opencrx

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
opencrx
CWE-203

Summary

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.

Common Weakness Enumeration (CWE)