| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| myREX24 | <= 2.9.0 | |
| myREX24-virtual | <= 2.9.0 |
An issue was discovered in the myREX24 and myREX24-virtual software in all versions through V2.9.0.
An unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Update myREX24/myREX24-virtual to 2.10.1
LEWA Attendorn GmbH reported this vulnerability to MB connect line.
CERT@VDE coordinated.