NiceHash Miner before 2.0.3.0 Information Exposure Vulnerability

Summary

A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an “EMAIL DOES NOT EXIST” error message occurs whenever a submitted email address is incorrect.

Credit:

The information has been provided by Vendor

The original article can be found at:https://cyberworldmirror.com/nicehash-vulnerability-leaked-miners-information/

 


Details

There is a different error message for invalid credentials with a correct email address.

Vulnerable Systems:

NiceHash Miner before 2.0.3.0 

CVE Information:

CVE-2019-6122

Disclosure Timeline:
Published Date:11/6/2019