Lucene search
HistoryDec 27, 2014 - 6:59 p.m.
CVE-2013-6043
cve-2013-6043
softaculous webuzo
authentication
security vulnerability
user enumeration
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
Affected configurations
Node
softaculouswebuzoRange≤2.1.3
ORsoftaculouswebuzoMatch2.1.0
ORsoftaculouswebuzoMatch2.1.1
ORsoftaculouswebuzoMatch2.1.2
Related
cvelist
cvelist
CVE-2013-6043
2014-12-27 18:00:00
prion
prion
Authentication flaw
2014-12-27 18:59:00
nvd
nvd
CVE-2013-6043
2014-12-27 18:59:03
openvas
openvas
Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability
2013-11-13 00:00:00
exploitpack
exploitpack
Webuzo 2.1.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
exploitdb
exploitdb
Webuzo 2.1.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
Related for CVE-2013-6043