Information disclosure in Logon Page in MV’s mConnect application v02.001.00 allows an attacker to know valid users from the application’s database via brute force.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23283
Reference (s):
- https://github.com/ifmacedo/mconnect/blob/main/bruteforce
- https://www.linkedin.com/pulse/descobrindo-usu%C3%A1rios-brute-force-iran/