CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.
Configurations

Configuration 1 (hide)

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*

History

18 Apr 2025, 12:39

Type Values Removed Values Added
First Time Logpoint
Logpoint siem
CPE cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*
References () https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint - () https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint - Vendor Advisory
References () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - Product

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint - () https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint -
References () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - () https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -

03 Jul 2024, 01:58

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Logpoint antes de 7.4.0. Un atacante puede enumerar una lista válida de nombres de usuario observando el tiempo de respuesta en el endpoint de Forgot Password.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-204

07 May 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-07 16:15

Updated : 2025-04-18 12:39


NVD link : CVE-2024-33856

Mitre link : CVE-2024-33856

CVE.ORG link : CVE-2024-33856


JSON object : View

Products Affected

logpoint

  • siem
CWE
CWE-204

Observable Response Discrepancy