An authenticated user without user-management permissions could identify other user accounts.
An authenticated user without user-management permissions could view other users' account information.
Due to an improper authentication mechanism, an unauthenticated remote attacker can enumerate valid usernames.
An authenticated user without user administrative permissions could change the administrator Account Name.
An unauthenticated user could discover account credentials via a brute-force attack without rate limiting.
An administrator could discover another account's credentials.
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
Unauthenticated attackers can retrieve the full list of users associated with arbitrary accounts.
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration.
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user reg
An unauthenticated attacker can hijack other users' devices and potentially control them.
An authenticated user attempting to change their password could do so without using the current password.
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
An authenticated administrator could modify the Created By username for a user account.
Unauthenticated attackers can retrieve the serial number of smart meters associated with a specific user account.
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.