User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-20T13:17:28.137Z
Updated: 2024-08-15T17:50:15.783Z
Reserved: 2024-02-15T07:44:36.776Z
Link: CVE-2024-26268
Vulnrichment
Updated: 2024-08-02T00:07:19.174Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T14:15:09.350
Modified: 2024-11-21T09:02:16.310
Link: CVE-2024-26268
Redhat
No data.