VDB
KO
MEDIUM 5.3

GHSA-67v7-3g49-mxh2

PrestaShop affected by time based enumeration in FO login form

Details

### Impact A time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times.

### Patches 8.2.4 and 9.0.3

### Workarounds none

### References Found by Lam Yiu Tung

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / prestashop/prestashop
Introduced in: 9.0.0-alpha.1 Fixed in: 9.0.3
Fix composer require prestashop/prestashop:^9.0.3
Packagist / prestashop/prestashop
Introduced in: 0 Fixed in: 8.2.4
Fix composer require prestashop/prestashop:^8.2.4

References