CVE-2023-38871

Name of the Vulnerable Software and Affected Versions gugoan Economizzer version 0.9-beta1

Description The issue concerns a user enumeration vulnerability in the login and forgot password functionalities. The application reacts differently when a user or email address is valid, and when it's not, potentially allowing an attacker to determine whether a user or email address is valid or brute force valid usernames and email addresses.

Recommendations For version 0.9-beta1, consider temporarily disabling the login and forgot password functionalities until a patch is available. Restrict access to these features to minimize the risk of exploitation. Avoid using the affected functionalities in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.