← back
CVE-2013-6043

CVE-2013-6043

EPSS 2.9%
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/31982unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched