CVE-2019-12743

Name of the Vulnerable Software and Affected Versions HumHub Social Network Kit Enterprise version 1.3.13

Description The issue allows remote attackers to find existing user accounts on Social Network Kits, including self-hosted ones, by brute-forcing the username after the "/u/" initial URI substring. This is due to a response discrepancy information exposure.

Recommendations For HumHub Social Network Kit Enterprise version 1.3.13, consider restricting access to the "/u/" API endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, implement rate limiting or IP blocking to prevent brute-force attacks on user accounts.