2025-06-12 13:29:45
SICK AG
PUBLISHED
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.