CVE-2013-6020
Tyler Technologies TaxWeb 3.13.3.1 - User Enumeration via Password Recovery Status Code
Title source: llmDescription
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/911678
Scores
EPSS
0.0128
EPSS Percentile
66.6%
Details
CWE
CWE-200
Status
published
Products (1)
tylertech/taxweb
3.13.3.1
Published
Oct 28, 2013
Tracked Since
Feb 18, 2026