CVE-2023-38871

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 28, 2023

Updated: Oct 3, 2023

CWE ID 203

Summary

CVE-2023-38871: The April 2023 commit 3730880 and version 0.9-beta1 of gugoan Economizzer uncovered a user enumeration vulnerability. In the login and forgot password functionalities, the app responds distinctly to valid and invalid usernames or email addresses. This distinction enables an attacker to ascertain whether a given username or email address is valid or proceed with brute-force attacks to discover valid credentials.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sG6Rtb
https://www.cve.org/CVERecord?id=CVE-2023-38871
https://nvd.nist.gov/vuln/detail/CVE-2023-38871

Back to Vulnerability Database

CVE-2023-38871

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations