Article No° | Product Name | Affected Version(s) |
---|---|---|
myREX24 | <= 2.11.2 | |
myREX24.virtual | <= 2.11.2 |
An issue was discovered in myREX24 and myREX24.virtual in all versions through 2.11.2.
A remote, unauthenticated attacker can enumerate valid users with a timing attack against the webserver.
Update to Version 2.12.1
SySS GmbH reported this vulnerability to Helmholz.
Helmholz reported this vulnerability to MB connect line.
CERT@VDE coordinated with Helmholz & MB connect line.