← back
CVE-2023-38871

CVE-2023-38871

EPSS 0.6%
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871https://github.com/gugoan/economizzerhttps://www.economizzer.org