CVE-2013-6020

Published: Oct 28, 2013Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.

Affected (1)

Products: Tylertech: Taxweb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tylertech Taxweb	Version 3.13.3.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www.kb.cert.org/vuls/id/911678

Source: cret@cert.org

US Government Resource

http://www.kb.cert.org/vuls/id/911678

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.