CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

CVSS

No CVSS.

References

Link	Resource
https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint	Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint	Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center	Product
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*

History

18 Apr 2025, 12:39

Type	Values Removed	Values Added
References	~~() https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint -~~	() https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint - Vendor Advisory
References	~~() https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -~~	() https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - Product
CPE		cpe:2.3:a:logpoint:siem::::::::
First Time		Logpoint siem Logpoint

07 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 16:15

Updated : 2025-04-18 12:39

NVD link : CVE-2024-33856

Mitre link : CVE-2024-33856

JSON object : View

Products Affected

logpoint

siem

CWE

No CWE.

JSON object

Attach tags to CVE-2024-33856

Attach tags to `CVE-2024-33856`