PT-2023-27308 · Unknown · Silverware Games

Mesosoi · Published 2023-08-25 · Updated 2023-08-30 · CVE-2023-40179

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Silverware Games versions prior to 1.3.6

Description

The issue concerns the password recovery form in Silverware Games, a premium social network for online gaming. Prior to version 1.3.6, the form revealed whether an email address was associated with a site member by throwing an error if the email was not found in the database. This behavior allowed attackers to determine whether a specific email address was linked to a user account. Since version 1.3.6, the form always returns the "Enter the code" page, displaying a message that a code will be sent if the email is associated with an account, which prevents attackers from identifying email addresses linked to user accounts.

Recommendations

For versions prior to 1.3.6, update to version 1.3.6 or later to prevent attackers from determining whether the site has a user with a specified email.
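
The before and after behaviour described above, as an added Python example that is not Silverware Games code. The member set, outbox, handler names, status codes and message strings are constructed for illustration; the last helper is a regression check that a known and an unknown address receive identical responses.

```python
import secrets

# Constructed stand-ins for the member table and the outgoing mail queue.
MEMBERS = {"alice@example.com"}
OUTBOX = []  # (email, code) pairs a real site would hand to its mailer

GENERIC_PAGE = {
    "status": 200,
    "page": "enter_code",
    "message": "If this email is associated with an account, a code will be sent.",
}


def recover_before_fix(email):
    """Behaviour described for versions prior to 1.3.6: unknown email -> error."""
    normalized = email.strip().lower()
    if normalized not in MEMBERS:
        # Assumed error shape; the page only says an error was thrown.
        return {"status": 404, "page": "error", "message": "Email not found."}
    OUTBOX.append((normalized, secrets.token_hex(3)))
    return {"status": 200, "page": "enter_code", "message": "A code has been sent."}


def recover_after_fix(email):
    """Behaviour described for 1.3.6: the same "Enter the code" page either way."""
    normalized = email.strip().lower()
    if normalized in MEMBERS:
        # Only real members get mail; the response body does not reveal this branch.
        OUTBOX.append((normalized, secrets.token_hex(3)))
    return dict(GENERIC_PAGE)  # copy, so callers cannot mutate the template


def responses_leak_membership(handler, known, unknown):
    """Regression check: True if any response field differs between the two."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for handler in (recover_before_fix, recover_after_fix):
        leaks = responses_leak_membership(handler, "alice@example.com", "nobody@example.com")
        print(f"{handler.__name__}: distinguishable responses = {leaks}")
```

The check compares response content only; response timing is a separate channel that it does not measure.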

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2023-40179
GHSA-789J-CHFJ-58HR

Affected products

Silverware Games