Email and Username Enumeration Vulnerability in Wekan by Wekan
CVE-2018-1000549

5.3MEDIUM

Key Information:

Vendor

Wekan Project

Status
Wekan
Vendor
CVE Published:
26 June 2018

What is CVE-2018-1000549?

Wekan version 1.04.0 is affected by an Email and Username Enumeration vulnerability found in the 'Register' and 'Forgot your password?' functionalities. This weakness enables a remote attacker to conduct brute force attacks, allowing them to identify valid usernames and email addresses associated with accounts. The exploitation of this vulnerability can be executed through specially crafted HTTP requests, raising significant security concerns for user account integrity and privacy.

References

https://shadow-vault.com/wekan.html
x_refsource_MISC
https://raw.githubusercontent.com/distributedweaknessfili...
x_refsource_MISC
https://wekan.github.io/hall-of-fame/brutebleed/
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.