CVE-2001-1528

MEDIUM Year: 2001
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.

Related Vulnerabilities

CVE-2018-1000884

CRITICAL
CVSS:9.8(Critical)

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Passwor...

CWE-2032018

CVE-2019-10071

CRITICAL
CVSS:9.8(Critical)

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code ex...

CWE-2032019

CVE-2022-23303

CRITICAL
CVSS:9.8(Critical)

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an inco...

CWE-2032022

CVE-2022-23304

CRITICAL
CVSS:9.8(Critical)

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an ...

CWE-2032022

CVE-2023-40756

CRITICAL
CVSS:9.8(Critical)

User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or no...

CWE-2032023

CVE-2023-50708

CRITICAL
CVSS:9.8(Critical)

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Conn...

CWE-2032023