CVE-2021-37151— CyberArk Identity 授权问题漏洞

N/A

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords.

N/A

N/A

CyberArk Identity 授权问题漏洞

Cyber​​Ark CyberArk Identity是Cyber​​Ark公司的提供最完整的身份安全平台，以确保端到端的所有身份。 CyberArk Identity 21.5.131存在安全漏洞，攻击者可以利用此漏洞获取用户名或密码。

N/A

N/A