CVE-2019-14351

Published: 2019-07-28T16:15Z

Last Modified: 2024-11-21T04:26Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malicious authenticated attacker can brute-force a user password hash by 1 symbol at a time using specially crafted api/v1/User?filterList filters. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt