2 matches found
CVE-2004-0294
YaBB 1 SP 1.3.1 is vulnerable to information disclosure via password enumeration. The vulnerability arises because the application displays different error messages when a user exists versus does not exist, enabling remote attackers to determine valid usernames and perform brute‑force password gu...
CVE-2004-0294
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack...