Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.

CVSS 1 Total

Learn more
ScoreSeverityVersionVector String
2.3LOW4.0CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Product Status

Learn more

Versions 4 Total

Default Status: unaffected

affected

  • affected from 5.0.0 through 5.0.45 

    • unaffected from 5.0.46rc1 

  • affected from 6.0.0 through 6.0.37 

    • unaffected from 6.0.38rc1 

  • affected from 7.0.0 through 7.0.8 

    • unaffected from 7.0.9rc1 

  • affected from 7.2.0 through 7.2.2 

    • unaffected from 7.2.3rc1 

Credits

  • Zabbix wants to thank Jens Just Iversen (jensji) for submitting this report on the HackerOne bug bounty platform reporter

Authorized Data Publishers

Learn more