| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| mbCONNECT24 | <= 2.9.0 | |
| mymbCONNECT24 | <= 2.9.0 |
An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.9.0.
An unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Please consult the CVE Entry above.
Update mbCONNECT24/mymbCONNECT24 to 2.10.1
LEWA Attendorn GmbH reported this vulnerability to MB connect line.
CERT@VDE coordinated.