In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Mend

Published: 2021-08-30T14:07:00.257077Z

Updated: 2024-09-16T18:02:54.998Z

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25958

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-30T14:15:07.117

Modified: 2024-11-21T05:55:40.523

Link: CVE-2021-25958

cve-icon Redhat

No data.