CVE-2023-40764
First published: Mon Aug 28 2023(Updated: )
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPJabbers Car Rental Script | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-40764.
What is the severity of CVE-2023-40764?
The severity of CVE-2023-40764 is critical with a CVSS score of 9.8.
How does user enumeration occur in PHP Jabbers Car Rental Script v3.0?
User enumeration occurs during password recovery, where a difference in messages allows an attacker to determine if the user is valid or not.
What can an attacker do with the user enumeration vulnerability in PHP Jabbers Car Rental Script v3.0?
An attacker can use the user enumeration vulnerability to perform a brute force attack with valid user accounts.
How can the user enumeration vulnerability in PHP Jabbers Car Rental Script v3.0 be fixed?
To fix the user enumeration vulnerability in PHP Jabbers Car Rental Script v3.0, it is recommended to implement proper error handling during the password recovery process.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/epss-latest
- source/FIRST
- agent/severity
- agent/weakness
- agent/description
- agent/epss
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/phpjabbers
- canonical/phpjabbers car rental script
- version/phpjabbers car rental script/3.0