Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-6043

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-6043
Last Modified 08 Jan 2015 08:40:03
Published 27 Dec 2014 01:59:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-6043

Summary

The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

Vulnerable Systems

Application

  • Softaculous Webuzo 2.1.0

  • Softaculous Webuzo 2.1.1

  • Softaculous Webuzo 2.1.2

  • Softaculous Webuzo 2.1.3


References

MISC - https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-(DS-2013-007)

CONFIRM - http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched


Last Updated: 27 May 2016 11:07:22