PT-2021-11884 · Php Fusion · Php-Fusion

Oosman-Rako · Published 2021-01-03 · Updated 2021-01-11 · CVE-2020-35952

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PHPFusion (aka PHP-Fusion) Andromeda versions 9.x before 2020-12-30
Description: The login.php file returns distinct error messages for an incorrect username and for an incorrect password rather than a single generic message. The difference lets a caller learn whether a given username exists, enabling username enumeration.
Recommendations: For PHPFusion (aka PHP-Fusion) Andromeda versions 9.x before 2020-12-30, update to a version released after 2020-12-30 to resolve the issue. As a temporary workaround, consider modifying the login.php file to display a single, unified error message for both incorrect usernames and passwords, thus preventing potential enumeration.
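The two login.php response patterns that the description and recommendation contrast, as an added example (not PHP-Fusion's own code): the distinct-message handler beside the unified-message one. It also covers the response-time difference that a unified message alone leaves, which the advisory does not mention; the user map, the dummy hash and the sample credentials are constructed for the demo.

```php
<?php
// Added example, not PHP-Fusion's login.php. $users is an assumed in-memory
// map of username => hash produced by password_hash(); demo() builds sample data.

// Vulnerable pattern: two different messages tell the client which check failed.
function login_distinct(array $users, string $username, string $password): string
{
    if (!isset($users[$username])) {
        return 'Unknown username';      // reveals that the account does not exist
    }
    if (!password_verify($password, $users[$username])) {
        return 'Incorrect password';    // reveals that the account does exist
    }
    return 'OK';
}

// Hardened pattern: one message for both failures. password_verify() is run
// against a dummy hash when the user is unknown, so the response time does not
// differ between the two cases either (a timing channel the advisory does not
// mention, but one the same enumeration technique can use).
function login_unified(array $users, string $username, string $password, string $dummyHash): string
{
    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummyHash;
    $ok    = password_verify($password, $hash) && $known; // verify always runs first
    return $ok ? 'OK' : 'Invalid username or password';
}

// Constructed sample data and a side-by-side run of both handlers.
function demo(): array
{
    $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    $dummy = password_hash('dummy', PASSWORD_DEFAULT); // compute once at startup in real code
    return [
        'distinct_unknown_user' => login_distinct($users, 'bob',   'x'),
        'distinct_wrong_pass'   => login_distinct($users, 'alice', 'x'),
        'unified_unknown_user'  => login_unified($users, 'bob',   'x', $dummy),
        'unified_wrong_pass'    => login_unified($users, 'alice', 'x', $dummy),
        'unified_success'       => login_unified($users, 'alice', 'correct horse', $dummy),
    ];
}

print_r(demo());
```

In the output the two distinct_* entries differ while the two unified_* failure entries are identical, which is the property the recommended fix restores.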


Related Identifiers

CVE-2020-35952

Affected Products

Php-Fusion