Unrated severityNVD Advisory· Published Oct 28, 2013· Updated Jun 16, 2026
CVE-2013-6020
CVE-2013-6020
Description
passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or (3) Treasurer application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 3.13.3.1
Patches
Vulnerability mechanics
References
1- www.kb.cert.org/vuls/id/911678nvdUS Government Resource
News mentions
0No linked articles in our index yet.