BID:69626

Avolve Software ProjectDox CVE-2014-5132 User Enumeration Vulnerability

Info

Avolve Software ProjectDox CVE-2014-5132 User Enumeration Vulnerability

Bugtraq ID:	69626
Class:	Design Error
CVE:	CVE-2014-5132
Remote:	Yes
Local:	No
Published:	Sep 03 2014 12:00AM
Updated:	Sep 03 2014 12:00AM
Credit:	CAaNES
Vulnerable:	Avolve Software ProjectDox 8.1

Not Vulnerable:

Discussion

Avolve Software ProjectDox CVE-2014-5132 User Enumeration Vulnerability

Avolve Software ProjectDox is prone to a user-enumeration vulnerability.

An attacker may leverage this issue to harvest valid users, which may aid in further attacks.

Exploit / POC

Avolve Software ProjectDox CVE-2014-5132 User Enumeration Vulnerability

Attackers can exploit this issue using browser or readily available tools.

Solution / Fix

Avolve Software ProjectDox CVE-2014-5132 User Enumeration Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Avolve Software ProjectDox CVE-2014-5132 User Enumeration Vulnerability

References:

Avolve Software ProjectDox Multiple Vulnerability Disclosure (CAaNES )
ProjectDox Product Page (Avolve Software)