User Enumeration Vulnerability in PHPJabbers Document Creator Software
CVE-2023-40758

9.8CRITICAL

Key Information:

Vendor

PHPjabbers

Status
Document Creator
Vendor
CVE Published:
28 August 2023

What is CVE-2023-40758?

A security flaw in PHPJabbers Document Creator v1.0 allows user enumeration during the password recovery process. This vulnerability occurs due to inconsistent feedback messages provided by the application, which can lead an attacker to discern valid usernames from invalid ones. Such differentiation can potentially facilitate brute force attacks on valid accounts, posing a significant risk to user data protection and system integrity.

References

https://www.phpjabbers.com/document-creator/
https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.