CVEs-PoC/2020/CVE-2020-28206.md at dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-01 11:01:35 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.

POC

Reference

https://justrealstag.medium.com/user-enumeration-improper-restriction-of-excessive-authentication-attempts-in-bitrix-98933a97e0e6

Github

No PoCs found on GitHub currently.

926 B Raw Blame History

CVE-2020-28206

Description

POC

Reference

Github

926 B

Raw Blame History