User Enumeration Vulnerability in PHPJabbers Document Creator Software
CVE-2023-40758

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Document Creator
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40758?

A security flaw in PHPJabbers Document Creator v1.0 allows user enumeration during the password recovery process. This vulnerability occurs due to inconsistent feedback messages provided by the application, which can lead an attacker to discern valid usernames from invalid ones. Such differentiation can potentially facilitate brute force attacks on valid accounts, posing a significant risk to user data protection and system integrity.

References

https://www.phpjabbers.com/document-creator/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40758?

References

CVSS V3.1

Timeline