Information disclosure in Softaculous Webuzo

CVE-2013-6043

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of…

Vulnerability class: Information Disclosure

EPSS: 0.117 (93.8th percentile) — read the EPSS interpretation.

Affected products

Softaculous Webuzo — versions 2.1.0, 2.1.1, 2.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)