CVE-2023-48028

Name of the Vulnerable Software and Affected Versions kodbox version 1.46.01

Description The issue allows user enumeration, which is present on the login page. An attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

Recommendations For kodbox version 1.46.01, consider modifying the login page to return uniform response messages for both valid and invalid user inputs to prevent user enumeration. As a temporary workaround, restrict access to the login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.