What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2023-38871.

What is the affected software?

The affected software is gugoan Economizzer version 0.9-beta1.

What is the description of this vulnerability?

This vulnerability in gugoan Economizzer allows user enumeration in the login and forgot password functionalities, enabling an attacker to determine whether a user or email address is valid.

Are there any references available for this vulnerability?

Yes, you can find references for this vulnerability at the following links: [link1](https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871), [link2](https://github.com/gugoan/economizzer), [link3](https://www.economizzer.org)

How can I fix this vulnerability?

To fix this vulnerability, update gugoan Economizzer to a version that is not affected by the user enumeration vulnerability.

Vulnerability/
CVE-2023-38871

medium

5.3

CWE

203

28/9/2023

24/9/2024

CVE-2023-38871

First published: Thu Sep 28 2023(Updated: )

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/gugoan/economizzer	<=0.9-beta1
Economizzer	=0.9-beta1
Economizzer	=april_2023

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-38871.
What is the affected software?
The affected software is gugoan Economizzer version 0.9-beta1.
What is the description of this vulnerability?
This vulnerability in gugoan Economizzer allows user enumeration in the login and forgot password functionalities, enabling an attacker to determine whether a user or email address is valid.
Are there any references available for this vulnerability?
Yes, you can find references for this vulnerability at the following links: [link1](https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871), [link2](https://github.com/gugoan/economizzer), [link3](https://www.economizzer.org)
How can I fix this vulnerability?
To fix this vulnerability, update gugoan Economizzer to a version that is not affected by the user enumeration vulnerability.

collector/github-advisory-latest
alias/GHSA-h3qf-v68r-35jg
alias/CVE-2023-38871
collector/github-advisory
agent/references
agent/type
agent/weakness
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-cve
agent/softwarecombine
package-manager/composer
vendor/economizzer
canonical/economizzer
version/economizzer/0.9-beta1
version/economizzer/april_2023

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.