PT-2014-3024 · Softaculous · Webuzo
Mahendra
·
Publicado
2014-12-27
·
Atualizado
2018-08-13
·
CVE-2013-6043
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Softaculous Webuzo versions prior to 2.1.4
Description
The issue concerns the login function, which provides different error messages for invalid authentication attempts based on whether the user account exists. This allows remote attackers to enumerate usernames by sending a series of requests.
Recommendations
For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webuzo