PT-2014-3024 · Softaculous · Webuzo
Mahendra
·
Published
2014-12-27
·
Updated
2018-08-13
·
CVE-2013-6043
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Softaculous Webuzo versions prior to 2.1.4
Description
The issue concerns the login function, which provides different error messages for invalid authentication attempts based on whether the user account exists. This allows remote attackers to enumerate usernames by sending a series of requests.
Recommendations
For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webuzo