CVE-2025-58586
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-06
Assigner: SICK AG
Description
Description
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | sick_enterprise_analytics | * |
| sick | sick_logistic_analytics | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-204 | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability occurs because the application returns different error messages for failed login attempts depending on whether the username does not exist or the password is incorrect. This behavior allows an attacker to determine which usernames are valid by observing the error messages.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to enumerate valid usernames on your system. Knowing valid usernames can facilitate further attacks such as targeted password guessing or social engineering.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70