CVE-2023-40762
First published: Mon Aug 28 2023(Updated: )
User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPJabbers Fundraising Script | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40762.
What is the severity of CVE-2023-40762?
The severity of CVE-2023-40762 is critical with a score of 9.8.
What software is affected by CVE-2023-40762?
PHPJabbers Fundraising Script v1.0 is affected by CVE-2023-40762.
How does the vulnerability occur?
The vulnerability occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not.
What can an attacker do with this vulnerability?
An attacker can use this vulnerability to perform user enumeration and launch a brute force attack with valid user accounts.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/references
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/severity
- agent/weakness
- agent/description
- agent/epss
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/phpjabbers
- canonical/phpjabbers fundraising script
- version/phpjabbers fundraising script/1.0