CVE-2014-5137
Innovative Interfaces Sierra Library Services Platform 1.2_3 - User Enumeration via Login Request Timing
Title source: llmDescription
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533267/100/0/threaded
Scores
EPSS
0.0119
EPSS Percentile
64.1%
Details
CWE
CWE-200
Status
published
Products (1)
iii/sierra
1.2_3
Published
Sep 02, 2014
Tracked Since
Feb 18, 2026