Authentication Flaw in Softaculous Webuzo Affects User Security
CVE-2013-6043

Currently unrated

Key Information:

Vendor: Softaculous
Status: Webuzo
Vendor: CVE Published:; 27 December 2014

What is CVE-2013-6043?

A flaw in the login functionality of the Softaculous Webuzo platform allows attackers to discern the existence of user accounts through inconsistent error messages. When users attempt to log in, the system provides different responses based on whether the username exists, creating an opportunity for unauthorized individuals to enumerate valid usernames. This vulnerability poses a security risk as it may lead to further attacks such as targeted brute-force attacks, ultimately compromising user accounts and sensitive information.

References

https://web.archive.org/web/20140126212101/http://www.bae...

x_refsource_MISC

http://www.softaculous.com/board/index.php?tid=4526&title...

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 27, 2014
Vulnerability Reserved
Oct 4, 2013