Headline
CVE-2023-49278: Brute force exploit can be used to collect valid usernames
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
Package
nuget Umbraco.CMS (NuGet)
Affected versions
> 8.0.0
Patched versions
8.18.10, 10.8.1, 12.3.4+
Description
Impact
A brute force exploit that can be used to collect valid usernames is possible.
Explanation of the vulnerability
To be revealed at a later point in time.
Related news
GHSA-7x74-h8cw-qhxq: Brute force exploit can be used to collect valid usernames
#### Impact A brute force exploit that can be used to collect valid usernames is possible.