CVE-2004-0294

Name of the Vulnerable Software and Affected Versions YaBB version 1 SP 1.3.1

Description The issue allows remote attackers to identify valid users due to different error messages being displayed when a user exists or not. This makes it easier to conduct a brute force password guessing attack.

Recommendations For YaBB version 1 SP 1.3.1, consider modifying the error messages to be generic, avoiding the disclosure of user existence, until a patch is available. As a temporary workaround, restrict access to the user login functionality to minimize the risk of exploitation.