CVE-2020-28918

{"id": "CVE-2020-28918", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-02-16T20:15:15.657", "references": [{"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-28918", "source": "cve@mitre.org"}, {"url": "https://deepnetsecurity.com/multi-factor-authentication/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28918", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://deepnetsecurity.com/multi-factor-authentication/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28918", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an \"unknown username\" error message."}, {"lang": "es", "value": "DualShield versi\u00f3n 5.9.8.0821, permite la enumeraci\u00f3n de nombres de usuario en su formulario de inicio de sesi\u00f3n. Un nombre de usuario v\u00e1lido resulta en un requerimiento de la contrase\u00f1a, mientras que uno no v\u00e1lido producir\u00e1 un mensaje de error \"unknown username\""}], "lastModified": "2025-05-30T16:15:26.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deepnetsecurity:dualshield:5.9.8.0821:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B9EF158-35B1-495B-B626-887CC99C5D24"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}