Bug #22304

[External Audit Findings][MLEB] User Enumeration through Error Messages

Added by yap chekying about 13 hours ago.

Status: New
Start date: 29 July 2025
Priority: Immediate
Due date:
Assignee: Tan Hi Ann
% Done: 0%
Category: -
Spent time: -
Target version: -

Description

Issue:
Error messages in an application can provide valid and invalid username information.
This information can potentially provide attackers with information for further attacks. This information allows attackers to perform brute-force attacks on the application.

Recommendation from pentester:
It is recommended to provide the same information in the error message so that it does not display whether the username is valid or not.

Please refer to the attached Excel file for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:10 AM
