All posts for: CVE-2024-2464

Vulnerability detected by me in the CDeX software offered by the company of the same name. This vulnerability occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.