CVE-2023-40756
First published: Mon Aug 28 2023(Updated: )
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPJabbers Callback Widget | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40756.
What is the severity rating of CVE-2023-40756?
The severity rating of CVE-2023-40756 is critical (9.8).
What is the affected software?
The affected software is PHPJabbers Callback Widget v1.0.
What is the impact of this vulnerability?
This vulnerability allows user enumeration, enabling attackers to determine if a user is valid and potentially launching brute force attacks.
Are there any known fixes for this vulnerability?
At the moment, there are no known fixes for this vulnerability. It is recommended to monitor for vendor patches and updates.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/severity
- agent/weakness
- agent/description
- agent/epss
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/phpjabbers
- canonical/phpjabbers callback widget
- version/phpjabbers callback widget/1.0