|Article No°||Product Name||Affected Version(s)|
An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.11.2.
A remote, unauthenticated user can enumerate valid users by using a timing attack.
A remote, unauthenticated attacker can enumerate valid users with a timing attack against the webserver.
Update to version 2.12.1.
SySS GmbH reported this vulnerability to Helmholz.
Helmholz reported this vulnerability to MB connect line.
CERT@VDE coordinated with Helmholz & MB connect line.