CVE-2021-45901 is a vulnerability in the password-reset form in ServiceNow Orlando that leaks information about user account existence.
Understanding CVE-2021-45901
What is CVE-2021-45901?
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts based on whether the username exists, leaking sensitive information.
The Impact of CVE-2021-45901
This vulnerability can lead to username enumeration, potentially aiding malicious actors in targeted attacks.
Technical Details of CVE-2021-45901
Vulnerability Description
The issue lies in ServiceNow Orlando's password-reset form, which can disclose user account information via differing invalid authentication responses.
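The response discrepancy described above, next to a uniform-response handler and a regression check, as an added Python example that is not ServiceNow's code or part of the original advisory. The handlers, usernames, messages and the `revealing_fields` helper are constructed for illustration.

```python
# Constructed account store; usernames and addresses are made up for this example.
USERS = {"alice": "alice@example.com", "bob": "bob@example.com"}
OUTBOX = []  # stand-in for a server-side mail queue (hypothetical)


def reset_leaky(username):
    """Reset handler whose visible response depends on account existence."""
    if username not in USERS:
        return {"status": 404, "body": "User not found.", "location": None}
    return {"status": 200, "body": "Reset link sent.", "location": "/reset/sent"}


def reset_uniform(username):
    """Reset handler that answers identically for every username."""
    email = USERS.get(username)
    if email is not None:
        OUTBOX.append(email)  # the only difference stays on the server side
    return {
        "status": 200,
        "body": "If the account exists, a reset link has been sent.",
        "location": "/reset/sent",
    }


def revealing_fields(handler, known_user, unknown_user):
    """Return the response fields that differ between an existing and a
    non-existing account. An empty list means the visible response does
    not reveal whether the account exists."""
    a = handler(known_user)
    b = handler(unknown_user)
    return sorted(k for k in set(a) | set(b) if a.get(k) != b.get(k))


if __name__ == "__main__":
    for handler in (reset_leaky, reset_uniform):
        leaks = revealing_fields(handler, "alice", "no-such-user")
        print(handler.__name__, "reveals existence via:", leaks or "nothing")
```

Response timing is a separate channel that this check does not measure.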
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
ServiceNow may release patches or updates to fix this vulnerability. Stay informed and apply patches promptly to secure user information.