Skip to content

inflixim4be/CVE-2020-15392

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2020-15392
User Enumeration on Supravizio BPM 10.1.2

Description

A user enumeration vulnerability flaw was found in Supravizio BPM, version 10.1.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Exploitation

To exploit this vulnerability, it is necessary to request a password recovery, when adding a invalid contact email the message: "email not found" is displayed and when an valid email: "contact the system administrator".

PoC

  • Invalid User


  • Valid User


  • Brute Force - Invalid User


  • Brute Force - Valid User

About

User Enumeration on Supravizio BPM 10.1.2

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published