QwikSec

Security Database

CVE

CWE

Training

CVE-2016-9129

Published: Mar 28, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.

Vendor	Product	Versions
n/a	Revive Adserver All versions before 3.2.3	affected `Revive Adserver All versions before 3.2.3`

Weaknesses (CWE)

References

https://hackerone.com/reports/98612

x_refsource_MISC

https://github.com/revive-adserver/revive-adserver/commit/38223a841190bebd7a137c7bed84fbbcb2b0c2a5

x_refsource_MISC

https://www.revive-adserver.com/security/revive-sa-2016-001/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.