CVE-2013-6043: Infoleak
First published: Sat Dec 27 2014(Updated: )
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Softaculous Webuzo | <=2.1.3 | |
| Softaculous Webuzo | =2.1.0 | |
| Softaculous Webuzo | =2.1.1 | |
| Softaculous Webuzo | =2.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
- https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007)
- https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/softaculous
- canonical/softaculous webuzo
- version/softaculous webuzo/2.1.3
- version/softaculous webuzo/2.1.0
- version/softaculous webuzo/2.1.1
- version/softaculous webuzo/2.1.2