First published: Fri Nov 17 2023
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Kodcloud Kodbox | = 1.46.01 | |
The vulnerability ID of this security flaw in kodbox is CVE-2023-48028.
CVE-2023-48028 has a severity rating of 9.8 (critical).
The affected software and version of CVE-2023-48028 is Kodbox 1.46.01.
User enumeration is a technique where an attacker can identify valid users based on varying response messages.
The security flaw in kodbox enables user enumeration on the login page by providing varying response messages that can be used to identify valid users.
The risk of the user enumeration vulnerability in kodbox is that it can potentially pave the way for a brute force attack.
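The pattern described above, as an added illustration that is not kodbox's own code: a login handler whose failure message depends on whether the username exists, beside a hardened version that returns one uniform message, spends the same hashing cost for unknown users, and caps attempts per account (the CWE-307 side of this CVE). The user store, salt and attempt limit are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed demo user store: username -> (salt, PBKDF2 digest). Not kodbox's schema.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"demo-salt-16byte"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy credential so unknown usernames pay the same hashing cost as known ones.
_DUMMY = (_SALT, _hash(secrets.token_hex(8), _SALT))

def login_vulnerable(username: str, password: str) -> str:
    """Distinct failure messages reveal whether the username exists."""
    if username not in USERS:
        return "user not found"
    salt, digest = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), digest):
        return "wrong password"
    return "ok"

_attempts = defaultdict(int)   # per-username failed-attempt counter (demo value)
MAX_ATTEMPTS = 5

def login_hardened(username: str, password: str) -> str:
    """One message for every failure, plus a per-account attempt cap.
    Caveat: a per-username cap lets an attacker lock accounts; production code
    usually combines it with per-IP throttling or progressive delays."""
    if _attempts[username] >= MAX_ATTEMPTS:
        return "invalid credentials"  # lockout is not disclosed either
    salt, digest = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), digest) and username in USERS
    if not ok:
        _attempts[username] += 1
        return "invalid credentials"
    _attempts[username] = 0
    return "ok"

def enumerable(login) -> bool:
    """Defender's self-check: do unknown and known users get different responses?"""
    return login("nobody", "x") != login("alice", "x")
```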
References for CVE-2023-48028: [https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae](https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae) and [https://nitipoom-jar.github.io/CVE-2023-48028/](https://nitipoom-jar.github.io/CVE-2023-48028/).
The CWE category of CVE-2023-48028 is CWE-307 (Improper Restriction of Excessive Authentication Attempts).