CVE-2018-1000549

Name of the Vulnerable Software and Affected Versions Wekan version 1.04.0

Description The issue allows a remote attacker to perform a brute force attack to obtain valid usernames and email addresses via HTTP Request, exploiting the Email / Username Enumeration vulnerability in the 'Register' and 'Forgot your password?' pages.

Recommendations For Wekan version 1.04.0, consider restricting access to the 'Register' and 'Forgot your password?' pages as a temporary workaround until a patch is available. Avoid using these features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.