CVE-2013-6043

EUVD-2013-5873
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
softaculouswebuzo
𝑥
≤ 2.1.3
softaculouswebuzo
2.1.0
softaculouswebuzo
2.1.1
softaculouswebuzo
2.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29
http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched
https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29