Home > Vulnerability Database > WS-2022-0416

Mend.io Vulnerability Database

WS-2022-0416

Good to know:

Date: November 5, 2022

User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the response body, response headers or sometimes, in the response delay. In your application, user enumeration occurs when a user requests a password reset.

Language: PHP

Severity Score

5.3

Related Resources (2)

Url: https://github.com/froxlor/froxlor/commit/4d454a39034b72c2d79ddabc3f719aa98af4b6ed

Url: https://www.mend.io/vulnerability-database/WS-2022-0416

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version 0.10.38.3

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0416

Good to know:

Date: November 5, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?