CVE-2021-44155

Published: Dec 13, 2021Modified: Apr 30, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users.

Affected (1)

Products: Reprisesoftware: Reprise License Manager

Reprisesoftware

1 product

Reprise License Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Reprisesoftware Reprise License Manager	From 14.2 to 15.1

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (6)

http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes

Source: cve@mitre.org

PatchProductVendor Advisory

https://www.reprisesoftware.com/RELEASE_NOTES

Source: cve@mitre.org

Broken Link

http://packetstormsecurity.com/files/165182/Reprise-License-Manager-14.2-User-Enumeration.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://reprisesoftware.com/admin/rlm-admin-download.php?&euagree=yes

Source: af854a3a-2127-422b-91ae-364da2661108

PatchProductVendor Advisory

https://www.reprisesoftware.com/RELEASE_NOTES

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.