Lucene search
HistoryDec 27, 2014 - 6:59 p.m.
CVE-2013-6043
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
70.7%
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
Affected configurations
Node
softaculouswebuzoRange≤2.1.3
ORsoftaculouswebuzoMatch2.1.0
ORsoftaculouswebuzoMatch2.1.1
ORsoftaculouswebuzoMatch2.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| softaculous | webuzo | * | cpe:2.3:a:softaculous:webuzo:*:*:*:*:*:*:*:* |
| softaculous | webuzo | 2.1.0 | cpe:2.3:a:softaculous:webuzo:2.1.0:*:*:*:*:*:*:* |
| softaculous | webuzo | 2.1.1 | cpe:2.3:a:softaculous:webuzo:2.1.1:*:*:*:*:*:*:* |
| softaculous | webuzo | 2.1.2 | cpe:2.3:a:softaculous:webuzo:2.1.2:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-6043
2014-12-27 18:00:00
cve
cve
CVE-2013-6043
2014-12-27 18:59:03
prion
prion
Authentication flaw
2014-12-27 18:59:00
openvas
openvas
Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability
2013-11-13 00:00:00
exploitpack
exploitpack
Webuzo 2.1.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
zdt
zdt
Webuzo 2.1.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
exploitdb
exploitdb
Webuzo 2.1.3 - Multiple Vulnerabilities
2014-02-28 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
70.7%
Related for NVD:CVE-2013-6043