CVE-2021-46434: 
Homebrew vulnerability analysis and mitigation

EMQ X Dashboard V3.0.0 contains a username enumeration vulnerability in the '/api/v3/auth' interface. When a user attempts to login, the application returns different responses based on whether the account exists, allowing attackers to determine valid usernames. This vulnerability was disclosed on January 19, 2022 (GitHub Issue).

The vulnerability exists in the authentication endpoint '/api/v3/auth'. The application responds differently based on input validation: when logging in with an existing account but incorrect password, it displays 'Password Error', while logging in with a non-existent account returns 'Username Not Found'. This response discrepancy enables attackers to enumerate valid usernames. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability allows attackers to identify valid usernames in the system. This information disclosure can be leveraged for further attacks such as brute force attempts or targeted phishing campaigns, as attackers can focus their efforts on known valid accounts (NVD).