Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Cynet_360 |
Cynet |
* |
4.5.6 (excluding) |
References