User Enumeration Vulnerability in PHPJabbers Callback Widget
CVE-2023-40756

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Callback Widget
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40756?

The Callback Widget v1.0 from PHPJabbers is susceptible to a user enumeration issue during the password recovery process. An attacker can exploit this vulnerability by analyzing the difference in feedback messages presented by the application. This can lead to the identification of valid user accounts, which could be further targeted using brute force methods. Securing the message handling during such processes is crucial to prevent unauthorized access.

References

https://www.phpjabbers.com/callback-widget/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40756?

References

CVSS V3.1

Timeline